Join the Hack Smarter community: hacksmarter.org
---
In this video, I work through the "vulnerable_cognito" scenario on CloudGoat as I continue to learn AWS Pentesting. In this video, I cover the following:
Discover an initial entry point.
Enumerate and find the Cognito User Pool Client ID.
Bypass email restrictions to sign up for the application.
Identify and modify a custom attribute to become an admin.
Monitor requests with Burp Suite to find the Identity Pool credentials for the Cognito service.
A big thank you to TrustOnCloud for this excellent scenario!
Enjoy!
--------------
Rhino Security Labs Discord: / discord
Work Smarter Discord: / discord
Twitch: hacksmarter.live/