AWS Cognito Security — Overview
Discover the hidden security risks in Amazon Cognito with our blog series. Dive into AWS Cognito’s structure, components, and use cases, uncovering new attack vectors and misconfigurations.
AWS Cognito User Pool — Shared User Pools
Explore the risks of shared User Pools in AWS Cognito where users from one app can access another, potentially exposing sensitive resources.
The Unexpected Benefits of Threat Modeling
Threat modeling is a disciplined approach to technology design that identifies security threats and design constraints to prevent security flaws before they manifest in your platform.
Vulnerability Research and the Importance of Supporting Young Talent
This is a story with a happy ending where we were able to get back to the collaboration from the early open disclosure days, utilize modern practices to ensure responsible handling of the information, and allow a young person to make a positive contribution to infosec.
TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
When You Have No Bars
A major network update failure led to a massive cellphone service outage across the US, impacting thousands and disrupting essential services. Despite cellular networks’ redundancy, the incident highlighted vulnerabilities in communication infrastructure when multiple base stations fail simultaneously.