Can Lacework detect an AWS Cognito exploit?

Tuesday, October 27, 2020, 11:00 AM (MST)

Attacks against hyperscale cloud providers are getting more sophisticated, and so are the tools that attackers are using to exploit misconfigurations and vulnerabilities within these increasingly complex environments. Join us to see Observian's Principal Security Architect Brad Woodward demonstrate 'Hirogen', a brand-new, unreleased attack tool that has already claimed thousands in bug bounties by exploiting misconfigurations in AWS Cognito. Afterwards, you'll learn preventative measures you can take to avoid being targeted and breached, as well as how to identify clandestine access to your hyperscale cloud resources in minutes instead of months.

Brad is an offensive security expert who has developed novel attack and defense techniques specifically for hyperscale cloud environments. He has presented his research at DefCon Skytalks, taught penetration testing and AWS exploitation at BlackHat, and previously worked directly with Amazon internal service teams to protect new features and offerings in AWS before they were released to production.

Chris has spent 15 years working in technology, starting with hardware, then moving to SaaS and eventually found his way into public cloud security. Chris has deep experience with SOC 2, PCI-DSS, NIST 800-53, ISO 27001, and is an AWS Certified Solutions Architect.

Default Name
Brad WoodwardPrincipal Security Architect, Observian
Default Name
Chris PedigoField CTO, Lacework

Event Sponsors

Whether you are new to the cloud, working with older technologies, or a seasoned cloud enterprise, we provide the resources needed to improve your cloud operations. Our goal of helping you develop useful, repeatable, and automated cloud solutions is augmented with ongoing support and education.
Lacework is the industry’s first solution to bring automation, speed, and scale to cloud security enabling enterprises to safely innovate in the cloud at the speed of DevOps. Lacework provides visibility to all processes and applications within an organization’s cloud and container environments. This breadth and depth of visibility helps organizations detect vulnerabilities and identify anomalous behavior that pose threats.