In the workshop we demonstrated a full attack path exploiting non-human identities, starting with initial access to AWS through an exposed secret in a public GitHub repo. We then continued to privilege escalation through a service account, gained access to source code, and managed to steal customer details and perform a supply chain attack.