Skip to main content

Labs

Each lab creates a deliberately vulnerable environment, runs stave apply, and verifies the findings. Pick a domain and work through the scenario.

DomainWhat it covers
S3Public-read buckets, long-lived IAM keys, ransomware protection gaps, forensic auditability.
IAMShadow admin paths through compute roles, privilege drift, cross-account KMS key policy isolation.
CognitoUnauthenticated identity pool to S3 takeover — the classic misconfigured Cognito path.
Multi-ServiceCross-service misconfigurations detected by compound chain analysis (sadcloud, chain discovery).
Lambda MicroVMEight labs for the Lambda MicroVM control family: overprivileged roles, missing TagSession, public artifact buckets, secrets in snapshots, and compound paths.
AdvancedReasoning engines, control authoring, policy forge, logic traces, compliance evidence, and lab metrics.
Skill TrackGuided six-step progression: build → first findings → lab validation → write a control → reasoning engines → snapshot your account.
Data ImportBring data from Steampipe or Docker into Stave's observation format.
Docker ScenariosCurated S3 misconfiguration scenarios running entirely in Docker — nothing touches your cloud account.
HackerOne Case Studies30 real HackerOne reports replayed through Stave: public exposure, dangling references, presigned URL scope, and compound cross-service chains.