writeups.xyz
/
Christophe Tafani-Dereeper (@Christophetd)
Title
Vulnerabilities
Programs
Authors
No keys attached: Exploring GitHub-to-AWS keyless authentication flaws
OIDC
CI/CD
Cloud
Account Takeover
UK Cabinet Office
Christophe Tafani-Dereeper (@Christophetd)
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
Rate Limiting Bypass
Bruteforce
AWS
Christophe Tafani-Dereeper (@Christophetd)
Page 1 of 1
writeups.xyz
/
Christophe Tafani-Dereeper (@Christophetd)