06-12, 15:20–15:40 (US/Pacific), Salon B
AWS presigned URLs are a powerful mechanism for granting temporary access to resources in AWS services. However, they can also be exploited by attackers to gain unauthorized access, perform data exfiltration, and execute other malicious or unwanted actions. In this talk, I will explore the different attack scenarios that can leverage presigned URLs and methods to detect and prevent such attacks.
Jarom is a Sr Lead Security Engineer working on the Bug Bounty/Responsible Disclosure team at Capital One. His previous role was as a software engineer solving problems in the Threat Intel space. He got his start as a full-stack software engineer. While not working he enjoys doing CTFs, bug bounty, tinkering, working out, and relaxing with his family.