CloudSec Tidbits is a blogpost series showcasing interesting bugs found by Doyensec during cloud security testing activities. We’ll focus on times when the cloud infrastructure is properly configured, but the web application fails to use the services correctly.
Each blogpost will discuss a specific vulnerability resulting from an insecure combination of web- and cloud-related technologies. Every article will include an Infrastructure as Code (IaC) laboratory that can be easily deployed to experiment with the described vulnerability.
- Tidbit #1 - The Danger of Falling to System Role in AWS SDK Client
- Tidbit #2 - Tampering User Attributes In AWS Cognito User Pools
- Tidbit #3 - Messing around with AWS Batch For Privilege Escalations
This project was made with love in the Doyensec Research island.