Be the first to like this
Amazon CloudFront is a content delivery network (CDN) service. It provides several configurations so that it can deliver contents to clients with high transfer speeds, or ease to access. However, misconfigurations may cause a security issue.
We found a curious host which was accessible only via CloudFront during our penetration test project. Also we identified someone stored sensitive information such as FTP hostname and credentials on the host. This session shows the issue and further research to specify the cause of the issue and attempt to find some more curious hosts.