Internet-Scale Analysis of AWS Cognito Security

Offered By: Ekoparty Security Conference via YouTube

Tags

Ekoparty Security Conference Courses, Cloud Security Courses, Vulnerability Analysis Courses

Course Description

Overview

Explore the results of an internet-scale analysis of AWS Cognito security configurations in this 48-minute conference talk from Ekoparty 2019. Delve into the identification of 2500 identity pools, granting access to over 13000 S3 buckets, 1200 DynamoDB tables, and 1500 Lambda functions. Begin with an introduction to AWS Cognito and its configuration for end-user access to AWS resources. Examine step-by-step demonstrations of configuration weaknesses in specific AWS accounts and Cognito identity pools. Learn about the automation techniques used for large-scale analysis, including the extraction of Cognito identity pool IDs from thousands of decompiled Google Play Store APKs and Common Crawl data. Discover the in-depth permission brute-force tool used to identify potential breaches of the least privilege principle. Gain valuable recommendations for secure Cognito configuration and insights into the widespread nature of this issue. Presented by Andrés Riancho, an application and cloud security expert known for leading the open-source w3af project and his contributions to AWS and GCP cloud security research.

Syllabus

Andrés Riancho - Internet-Scale analysis of AWS Cognito Security - Ekoparty 2019


Taught by

Ekoparty Security Conference
