Thanks for putting this together Scott - I remember running through the exercises a year or so ago and realising how awesome some of these mistakes are. I ended up turning the S3 bucket stuff into a conference presentation, after bruteforcing *.s3.amazonaws.com for valid buckets, and checking their permissions/ACLs.
Great for bug bounties, or in UpGuard's situation, a tonne of publicity from private data being accessible from public buckets.
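The bucket bruteforce the comment above describes, written out as an added example (this is not the commenter's script or anything from the exercises). It builds name guesses around a keyword, sends an anonymous GET to each candidate's S3 endpoint, and reads the answer S3 gives: 404 means no such bucket, 403 means the bucket exists but anonymous listing is denied, 200 means anyone can list it; a second request to `?acl` tells you whether the ACL itself is world-readable. The affix list is a placeholder and `fetch` is injectable so the logic can be exercised offline.

```python
"""Guess S3 bucket names around a keyword and classify each hit by what an
unauthenticated request returns. Added example, not code from the thread.
Only run this against buckets you are authorised to test."""
import itertools
import urllib.error
import urllib.request
from typing import Callable, Dict, List

# Assumed affix list (a real run would use a much larger wordlist).
AFFIXES = ["backup", "backups", "dev", "staging", "prod", "static",
           "assets", "logs", "data", "uploads"]
SEPARATORS = ["", "-", "."]


def candidates(keyword: str) -> List[str]:
    """Build bucket-name guesses: keyword alone, plus affix before/after it."""
    k = keyword.lower().strip()
    names = {k}
    for affix, sep in itertools.product(AFFIXES, SEPARATORS):
        names.add(f"{k}{sep}{affix}")
        names.add(f"{affix}{sep}{k}")
    # Bucket names are 3-63 chars of lowercase letters, digits, dots and hyphens.
    return sorted(n for n in names if 3 <= len(n) <= 63)


def bucket_url(name: str) -> str:
    """Virtual-hosted URL, except dotted names, which do not match the
    *.s3.amazonaws.com wildcard certificate, so use path-style for those."""
    if "." in name:
        return f"https://s3.amazonaws.com/{name}/"
    return f"https://{name}.s3.amazonaws.com/"


def http_status(url: str, timeout: float = 5.0) -> int:
    """Anonymous GET; S3's 403/404 answers surface as HTTPError."""
    req = urllib.request.Request(url, headers={"User-Agent": "bucket-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code
    except urllib.error.URLError:
        return 0  # DNS/TLS failure: treat as unknown, not as "exists"


def classify(listing_status: int, acl_status: int) -> str:
    """Turn the two status codes into a one-line verdict."""
    if listing_status == 404:
        return "no such bucket"
    if listing_status not in (200, 403):
        return f"unclear (HTTP {listing_status} on listing)"
    listing = "anonymous listing OK" if listing_status == 200 else "listing denied"
    acl = "ACL readable by anyone" if acl_status == 200 else "ACL not readable"
    return f"exists: {listing}, {acl}"


def probe(name: str, fetch: Callable[[str], int] = http_status) -> Dict[str, object]:
    """Check one bucket: GET / (ListBucket) and GET /?acl (GetBucketAcl)."""
    base = bucket_url(name)
    listing = fetch(base)
    acl = fetch(base + "?acl") if listing != 404 else 404
    return {"bucket": name, "listing": listing, "acl": acl,
            "verdict": classify(listing, acl)}


def scan(keyword: str, fetch: Callable[[str], int] = http_status) -> List[Dict[str, object]]:
    """Probe every candidate and keep only the names that resolve to a bucket."""
    return [r for r in (probe(n, fetch) for n in candidates(keyword))
            if r["listing"] != 404]


if __name__ == "__main__":
    import sys
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "example"):
        print(f"{hit['bucket']:40} {hit['verdict']}")
```

The 403-versus-404 distinction is the whole trick: a denied request still confirms the bucket exists, which is why a bruteforce over a wordlist yields a list of real buckets even when most of them are private. Names containing dots are kept in the candidate list but fetched path-style, since the wildcard certificate does not cover them.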