https://arbaazjamadar.com/tags/loose-policies/Recent content in Loose Policies on Arbaaz breaks stuff | Incident Response, Threat Modeling, offensive security, CTF writeups, Security Projects, Certifications, Log analysis, SIEM Hugo -- gohugo.io enreachout@arbaazjamadar.com (Arbaaz Jamadar) reachout@arbaazjamadar.com (Arbaaz Jamadar)©2025 arbaazjamadar.comThu, 02 Apr 2026 00:00:00 +0000 https://arbaazjamadar.com/wiz/wiz-happy-birthday/ Thu, 02 Apr 2026 00:00:00 +0000 reachout@arbaazjamadar.com (Arbaaz Jamadar) https://arbaazjamadar.com/wiz/wiz-happy-birthday/ Loose resource policies enable the attacker to perform unauthenticated data exfiltration from S3 bucket. The attacker is able to collect and develop all the resource arn's via publicly available endpoints.CTFCTF WriteupCloud SecurityMisconfigurationssecurity CTF writeupWiz CTF writeupWizHappy BirthdayData ExfilCompromised IncidentHappy BirthdaywizWIZWiZWiz: Happy BirthdayWiz: BirhtdayCode analysisApplication SecurityreversingLoose PoliciesLoosely configured StringLike Conditional ChecksBypass StringLikeSNS topic ExfilEnumerate S3 bucketsAccount ID derivationCTF WriteupsCloud SecurityNetwork SecurityWeb SecurityRace conditionStatic code analysisApplication Security