WRITEUP #69

The Hunt for ALBeast: A Technical Walkthrough

Cloud, AWS ALB, Authentication bypass, Authorization bypass
by @liadeliyahu (Liad Eliyahu)
Program: AWS
Published: Aug 20, 2024
Added to HackDex: Aug 26, 2024
Read Full Writeup: https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast