fwd:cloudsec 2023

fwd:cloudsec 2023

Jarom Brown

Jarom is a Sr Lead Security Engineer working on the Bug Bounty/Responsible Disclosure team at Capital One. His previous role was as a software engineer solving problems in the Threat Intel space. He got his start as a full-stack software engineer. While not working he enjoys doing CTFs, bug bounty, tinkering, working out, and relaxing with his family.


Session

06-12
15:20
20min
AWS Presigned URLs: The Good, The Bad, and The Ugly
Jarom Brown

AWS presigned URLs are a powerful mechanism for granting temporary access to resources in AWS services. However, they can also be exploited by attackers to gain unauthorized access, perform data exfiltration, and execute other malicious or unwanted actions. In this talk, I will explore the different attack scenarios that can leverage presigned URLs and methods to detect and prevent such attacks.

Control & data
Salon B