all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

From ‘huh ’ to privilege escalation finding vulnerabilities from a bug in the AWS... - Ben Bridts

Add to bookmarks
July 13, 2023, 8:53 p.m. | fwd:cloudsec

fwd:cloudsec www.youtube.com

Abstract: Security research is not something that’s only done by dedicated teams and companies. Sometimes it will be a developer or platform engineer that makes the jump from “that’s not how I expect it to work” to “that’s not how it’s supposed to work”.

In this talk we’ll walk through the process we took when we found strange behaviour in the AWS console, tried to debug what’s going wrong and ended up finding an API that didn’t check iam:PassRole correctly. …

aws ben bug companies developer engineer escalation expect platform privilege privilege escalation research security security research teams vulnerabilities work

Visit resource

More from www.youtube.com / fwd:cloudsec

fwd:cloudsec 2024 North America - Day 2, Ballroom DE 1 day, 8 hours ago | www.youtube.com
fwd:cloudsec 2024 North America - Day 1, Ballroom DE 1 day, 8 hours ago | www.youtube.com
fwd:cloudsec 2024 North America - Day 2, Ballroom AB 1 day, 8 hours ago | www.youtube.com
fwd:cloudsec 2024 North America - Day 1, Ballroom AB 1 day, 8 hours ago | www.youtube.com
How Citi Advanced Their Containment Capabilities Through Automation - Damien Burks, Elvis Veliz 10 months, 2 weeks ago | www.youtube.com
advanced automation automation and orchestration aws +19
Google Cloud Threat Detection: A Study in Google Cloud - Day Johnson 10 months, 2 weeks ago | www.youtube.com
cloud detection finger google +7
Vulnerabilities and Misconfigurations in GitHub Actions - Rojan Rijal 10 months, 2 weeks ago | www.youtube.com
actions attack attack vectors cd pipeline +11
It's Just a Name, Right - Nathan Eades 10 months, 2 weeks ago | www.youtube.com
access attack aws cloud +17
AWS Presigned URLs The Good, The Bad, and The Ugly - Jarom Brown 10 months, 2 weeks ago | www.youtube.com
access actions attack attackers +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com