Internet Scale Analysis of AWS Cognito Security
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Syllabus
Intro
Full AWS account compromise
Privilege escalation
What Is Amazon Cognito?
Amazon Cognito use case
Create new identity pool
Assign IAM roles to identities
IAM policy example
Internet Scale analysis
Challenge #1: Identity Pool UUID4
Google only indexes text
Other (boring) sources
Challenge #2: Enumerate permissions
Enumerate permissions and avoid jail time
Enumerate permissions / Performance
Privileges and roles
Identity pool sources
Usable identity pools
Insecure configurations
Lambda function environment variables
Insecure by default documentation
Restrictions on Unauthenticated Cognito roles
Developer can shoot himself in the foot
Least privilege principle and more...
Hard-coded credentials
Key takeaways
Taught by
BruCON Security Conference
Related Courses
Being a Cyberdefender - Behind the CurtainsBruCON Security Conference via YouTube Bypassing Microsoft Defender for Identity
BruCON Security Conference via YouTube A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
BruCON Security Conference via YouTube Android Malware Targeting Belgian Financial Apps
BruCON Security Conference via YouTube Chasing the White Whale of Malware
BruCON Security Conference via YouTube