HTTP Desync attacks are a category of attacks on a system of proxies and load balancers when multiple devices in the chain parse parts of the HTTP request differently, resulting in tampering of legitimate HTTP sessions and bypassing application level security. AWS offers protection against these attacks in their Load Balancer service that prevents exploitation.
This academy article provides hands-on guidance on how you can create, attach, and detach EBS volumes to your EC2 instances on AWS.
EBS, S3, and EFS are three popular storage services provided by AWS. In this article, we take a look at each of these services and their use cases.
Blurring of traditional perimeters with the emergence of cloud has led to rise of new threats. This talk by Rod Soto takes us through some of the attack scenarios and how defenders can implement detection to address these new threats.
On AWS, Lambda Authorizers are frequently used with API Gateway, however, one must be careful when working with the policy documents for Lambda Authorizers. This tech talk by Alexandre & Leonardo takes you through interesting examples to showcase the attack vectors for APIs using the AWS API Gateway Lambda Authorizers.
A walkthrough of the slides presented during the fwd:cloudsec 2021 conference with details of findings and observations across different resources within the IBM cloud platform.
