What started as a Cloud Village CTF at DC33 turned into a private API for CloudShell with persistent access to free compute, networking, and storage. We’ll look at console/non-API/API barriers, automation of a non-API service, IAM obfuscation, logging/monitoring, user lock out, overcoming file/container resets, and backdoors.