Exploiting Blind Memory Corruption in Cloud Services

Presented at CODE BLUE 2025 by

Memory Corruption is not commonly associated with Cloud Security. While taken seriously, it is a theoretical risk that is rarely reported to be exploited successfully. We believe that there are multiple reasons: Cloud services are typically written in Memory Safe languages and run behind Load Balancers that introduce variability that defeats common Exploit techniques. Finally, attackers are missing crucial information about the binary they are targeting, such as offsets for ROP chains etc. In this talk, we explain how attacking Cloud services differs from conventional Memory Corruption targets and the challenges that attackers need to overcome. We then go in-depth into an end-to-end vulnerability chain that resulted in Remote-Code-Execution on Google Cloud’s Artifact Analysis backend. Our goal for this talk is to demonstrate that exploiting Memory Corruption vulnerabilities is feasible, even when using Memory Safe languages and without attacker knowledge of the backend binary.