HTB BlackSky Hailstorm Review
This isn’t your usual CTF. That was the first thing that crossed my mind when I fired up BlackSky: Hailstorm, one of the three professional cloud labs offered by Hack The Box.
And I was right; it’s the closest experience I’ve had to a real-world AWS infrastructure assessment. The vulnerabilities were realistic, mirroring the kind of misconfigurations and attack paths you’d find in actual breaches.

Overview
Hailstorm simulates a realistic AWS environment, packed with a collection of AWS misconfigurations and privilege escalation vectors frequently encountered in real-world cloud security engagements. It is an exceptional proving ground for practitioners aiming to sharpen their AWS security assessment skills.
This hands-on, flag-driven experience challenges your ability to think critically, chain exploits, and maintain situational awareness as you move through various attack surfaces — including web applications, APIs, serverless components, and more.
What are BlackSky Labs?

For those unfamiliar, BlackSky Labs is Hack The Box's advanced lab series, explicitly designed for cutting-edge, hands-on cloud security training. Each lab focuses on one of the major cloud platforms and is delivered in a fully isolated environment that mirrors real-world enterprise infrastructure. Completing these labs equips security teams with the skills to rapidly identify vulnerabilities, respond to risks with agility, and proactively secure their cloud environments against evolving threats.
As someone comfortable with AWS but eager to gain deeper offensive cloud experience, I knew this challenge was the perfect opportunity to polish my cloud security skills and learn new hacking tricks on core services such as EC2 instances, S3 buckets, IAM roles, Lambda functions, SageMaker, Elastic Beanstalk, and more.
The goal of the lab is to capture 15 flags strategically hidden within a complex web of interconnected AWS services. I started the challenge on May 24, 2025, but with several work projects running in parallel, it took me almost a month to reach the final flag. I officially wrapped it up on June 23, 2025.

Challenge Overview
The lab centers around a fictional company, Mega Multinational, which is transitioning from traditional on-premises infrastructure to modern cloud platforms. You are brought in as a security consultant to assess their cloud readiness and identify potential risks in their evolving environment.

To finish the Hailstorm lab and walk away with the cert, you’ll need to do more than just hunt for low-hanging misconfigs. This challenge pushes you to go deep—reading up on AWS proprietary services, digging through AWS CLI man pages, decoding IAM policies, and really understanding how things work under the hood.
Prerequisites
- An HTB Enterprise account with a Cloud Labs subscription or the Ultimate pricing plan.
- A VPN or Pwnbox connection. Pwnbox comes with unlimited instances within the HTB Enterprise Platform, which makes it convenient to connect to the target environment and work on the lab on the go.
- Intermediate familiarity with AWS pentesting and exploitation methods. This is a CTF-style lab focused on self-guided exploration rather than step-by-step instructions, so a problem-solving mindset and persistence are essential.
- Familiarity with network discovery (nmap), network traversal (SSH), Docker, and the web and API exploitation techniques relevant to AWS environments.
Who is BlackSky: Hailstorm for?
The lab is designed specifically for security professionals who want to expand their knowledge of AWS environments and gain practical offensive experience.
Skills / Knowledge
- Knowledge of cloud infrastructure
- Knowledge of the Linux operating system
- Intermediate knowledge of web and network exploitation
Attitude / Mentality
- A willingness to undertake a significant amount of research
- Patience and perseverance
- Thinking outside the box
What will you gain?
Upon completion of the lab, players will become familiar with the tools and techniques used to exploit AWS environments, as well as knowledge in the following areas:
- AWS enumeration
- Exploitation of serverless applications
- Exploiting misconfigurations
- Lateral movement
- Local privilege escalation
- Mitigations and best practices
- Situational awareness
- Web application and API exploitation
Skills You’ll Need (and Build Along the Way)
I’d say Hailstorm sits right in the “intermediate” zone. You’ll need to know your way around:
- IAM policies, roles, and assumed identities
- EC2 metadata & snapshots
- S3 bucket misconfigs
- Serverless attacks (Lambda, Beanstalk, SageMaker)
- Cloud privilege escalation techniques
But even if you’re not a cloud wizard yet, you’ll learn fast. It’s one of those labs where each success builds on the next, and the challenge curve is steep but rewarding.
What Do You Get After?

Besides the pure satisfaction of surviving the storm?
- A slick HTB Cloud Security Specialist (Offensive) certificate 👏
- 40 ISC2 CPE credits
- Bragging rights. Because yes, this is one of the harder AWS labs out there.
Final Thoughts
Overall, my experience with Hailstorm was both challenging and incredibly rewarding. For seasoned cloud pentesters, this challenge is an excellent opportunity to level up your AWS pentesting skills. While the lab may be overwhelming for beginners, those with a solid background will find it a valuable step forward in their cloud security journey. It’s a comprehensive and well-designed lab that I would confidently recommend to anyone serious about offensive cloud security.
Should You Try It?
If you’re...
- Comfortable in AWS but want to go deeper
- Preparing for a cloud security assessment
- Or just want to get your hands dirty with real cloud misconfigurations…
Do it ⚡️⚡️⚡️!
Tips Before You Start
- Familiarize yourself with IAM enumeration and take time to explore the attack vectors unique to each AWS service.
- HTB recommends the Breakpoint, Genesis, and Cybernetics Pro Labs as preparation for Hailstorm. These labs help build a strong foundation in enumeration, exploitation, and privilege escalation, skills that are essential before tackling the complexity of an AWS black-box environment like Hailstorm.
- If you hit a wall, don't hesitate to reach out to HTB Enterprise Support; they're there to help.
