Leaving Doors Unlocked With Cognito

Presented at CactusCon 12 (2024), Feb. 16, 2024, 4 p.m. (60 minutes).

I have found AWS Cognito much more common in my targets and as a vector to compromise applications deployed in AWS. This talk will review what AWS Cognito is, what some common misconfigurations are, and how to exploit those misconfigurations as an external or internal attacker. Terraform templates will be provided for attendees to deploy some of these vulnerable situations and do hands-on learning on their own time.


  • David Bravo - Security Consultant @ Bishop Fox
    David is a Security Consultant at Bishop Fox who focuses on application and cloud security. He has worked with Fortune 500 firms and startups in various industries to assess and improve the security of their applications and cloud environments. David holds a Bachelor of Science in Computer Science from New York University.

