Lab 50
Secure Architecture

Least Privilege & Blast Radius

A credential leaks. With an over-permissive role the attacker's reach spreads across every resource; with least privilege the damage is contained to one box. Smaller privilege, smaller blast radius.

The analytics service's credential is about to leak. Choose how much access its role has, then leak it — and watch the blast radius.

Analytics service: holds a credential

Resources:
Patient DB
Payments
User admin
Audit logs
Reports (read-only)
System config

Resources exposed: 0 / 6
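
The same experiment as code: an added example, not part of the original lab, that evaluates candidate roles for the analytics service against the six resources and reports what a leaked credential could reach. The resource identifiers, action names, role names and the "resource:action" grant format are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# The lab's six resources; identifiers and action names are constructed.
RESOURCES = {
    "patient-db": {"read", "write"},
    "payments": {"read", "write"},
    "user-admin": {"read", "write"},
    "audit-logs": {"read", "write"},
    "reports": {"read", "write"},
    "system-config": {"read", "write"},
}

# Candidate roles for the analytics service (hypothetical policy format:
# a list of allow grants written as "<resource-pattern>:<action-pattern>").
ROLES = {
    "over-permissive": ["*:*"],
    "read-everything": ["*:read"],
    "least-privilege": ["reports:read"],
}

def allowed(grants, resource, action):
    """Default deny: allowed only if some grant matches resource and action."""
    for grant in grants:
        res_pat, act_pat = grant.split(":", 1)
        if fnmatchcase(resource, res_pat) and fnmatchcase(action, act_pat):
            return True
    return False

def blast_radius(role):
    """Map each resource reachable with a leaked `role` credential to its permitted actions."""
    grants = ROLES[role]
    reach = {}
    for resource, actions in RESOURCES.items():
        hit = sorted(a for a in actions if allowed(grants, resource, a))
        if hit:
            reach[resource] = hit
    return reach

def wildcard_grants(role):
    """Return grants containing wildcards, the usual source of unintended reach."""
    return [g for g in ROLES[role] if "*" in g or "?" in g]

if __name__ == "__main__":
    for role in ROLES:
        reach = blast_radius(role)
        print(f"{role}: {len(reach)} / {len(RESOURCES)} resources exposed")
        for resource, actions in reach.items():
            print(f"  {resource}: {', '.join(actions)}")
        print(f"  wildcard grants: {wildcard_grants(role) or 'none'}")
```

The "read-everything" role shows why counting exposed resources alone is not enough: it never grants write, yet a leaked credential still reaches all six resources.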