This demonstration shows how a lateral movement attack can be executed within Amazon Web Services via a known vulnerability in a popular DevOps tool, bypassing native WAF protection. Once the service is compromised, lateral movement to an adjacent subnet allows the discovery of secret information and exfiltration from the S3 buckets to a private file. This type of lateral movement attack can be just as effective in Microsoft Azure and Google Cloud platforms.