What if I told you that until recently, sharing CloudWatch dashboards publicly could introduce an initial access vector for attackers targeting AWS accounts? And that a series of bugs rooted in Amazon Cognito resulted in dozens of dashboards being exposed on the internet?

This is the story of a vulnerability accidentally discovered during a cloud security assessment and patched by AWS in July 2024, which granted unauthenticated actors some rather unexpected permissions in a target account. Our research takes a deep dive into this relatively unknown exploitation technique, showing once more that default configurations aren't always secure.

Join us on a journey that starts with the peculiar discovery, covers the analysis of an undocumented web application, and leads to the eventual 4-step attack that could breach the cloud perimeter. This talk will not only investigate the impact of a bug that once was, but will also discuss the risks that remain post-remediation, providing guidance on what AWS users can do to protect their estates against abuse.