AWS Cognito Security — Cognito User Pool Introduction and User Attributes
Unveil the intricacies of Amazon Cognito User Pools in our latest blog post. We delve into the technicalities of user attributes, identifiers, and app clients, guiding you through the login flow and token reception. Discover how to leverage Cognito tokens for data collection and learn to navigate common misconfigurations that developers might miss.
AWS Cognito Security — Overview
Discover the hidden security risks in Amazon Cognito with our blog series. Dive into AWS Cognito’s structure, components, and use cases, uncovering new attack vectors and misconfigurations.
AWS Cognito User Pool — Shared User Pools
Explore the risks of shared User Pools in AWS Cognito where users from one app can access another, potentially exposing sensitive resources.
TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
When You Have No Bars
A major network update failure led to a massive cellphone service outage across the US, impacting thousands and disrupting essential services. Despite cellular networks’ redundancy, the incident highlighted vulnerabilities in communication infrastructure when multiple base stations fail simultaneously.
WebSockets and Meteor: Attacking Meteor Applications with eighthundredfeet
A starting point for a comprehensive pen test on any application written using the Meteor framework. In addition to exploiting some of the framework’s inherent vulnerabilities, it contains a set of classes that can help script a variety of attacks.