Today, we are launching "The Big IAM Challenge" — a cloud security Capture The Flag (CTF) event. The mission? Identify and exploit AWS IAM misconfigurations, and learn from real-world scenarios.
This challenge is open to everyone - from beginners seeking to learn more about IAM security configurations to experienced professionals wanting to brush up on their skills. No special software, no complex set-ups - all you need is the AWS Command Line Interface (CLI), which is already integrated into the challenge's website.
The challenge consists of 6 steps, with each one focusing on a common IAM configuration mistake in various AWS services. You will have the opportunity to identify and exploit these errors while applying your knowledge in real-world scenarios.
The challenge is designed for individual participation. But we definitely encourage collaboration! You can form a team and discuss strategies with your colleagues or friends. Just remember, the challenge's completion will be individually tracked.
Claim your glory
Finishers who register will find their names honored on our live leaderboard and will receive an official certificate signifying their AWS IAM expertise.
For those of you attending fwd:cloudsec 2023 or AWS re:inforce 2023, we have a special surprise! Once you complete The Big IAM Challenge, visit our booth at these events and present your confirmation of completion to claim your prize. If you can't attend, don't worry - the challenge is accessible online from anywhere, and you can still claim your certificate.
Ready, Set, Secure!
This challenge is more than a game; it's an opportunity to enhance your cloud security skills and engage in a meaningful adventure with a community of like-minded individuals. So, are you ready to face The Big IAM Challenge?
The Big IAM Challenge represents a unique opportunity for individuals to deepen their understanding of AWS IAM configurations. It's a stimulating, hands-on experience that reflects real-world scenarios, designed to both educate and challenge. We look forward to seeing the impressive problem-solving skills and technical knowledge of all participants.
Shir Tamari, Head of Research
This challenge was designed and developed by our expert Wiz Research team. Need a helping hand or have questions? Reach out to our team at research@wiz.io, or via Twitter (@nirohfeld, @shirtamari).
Today we are excited to announce the Wiz Runtime Sensor. The sensor collects signals in real-time from the workload runtime to simplify threat detection and response in the cloud as part of our Cloud Detection and Response (CDR) capabilities.
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management