
AWS Cognito Security — Cognito User Pool Introduction and User Attributes
Unveil the intricacies of Amazon Cognito User Pools in our latest blog post. We delve into the technicalities of user attributes, identifiers, and app clients, guiding you through the login flow and token reception. Discover how to leverage Cognito tokens for data collection and learn to navigate common misconfigurations that developers might miss.

AWS Cognito Security — Overview
Discover the hidden security risks in Amazon Cognito with our blog series. Dive into AWS Cognito’s structure, components, and use cases, uncovering new attack vectors and misconfigurations.

AWS Cognito User Pool — Shared User Pools
Explore the risks of shared User Pools in AWS Cognito where users from one app can access another, potentially exposing sensitive resources.

Bypassing SSRF Filters Using r3dir
We demonstrate how to use the r3dir tool to bypass some SSRF filters. r3dir is a convenient redirection service made for SSRF filter bypasses.

WebSockets and Meteor: Attacking Meteor Applications with eighthundredfeet
eighthundredfeet is a starting point for a comprehensive pen test of any application written using the Meteor framework. In addition to exploiting some of the framework’s inherent vulnerabilities, it contains a set of classes that can help script a variety of attacks.

WebSockets and Meteor: A Penetration Tester’s Guide to Meteor
This post introduces Meteor, a JavaScript framework that makes heavy use of WebSockets, and describes its attack surface and vulnerabilities.