2026-03-23 –, TALKS
This hands-on workshop dives into real-world AWS misconfigurations that attackers actively
exploit to gain privilege escalation and access sensitive data. You’ll step into the shoes of an
adversary and learn how common oversights like loose IAM roles, misconfigured Cognito
identity pools, or exposed metadata endpoints can be chained into full-blown breaches.
Key Takeaways:
● Escalate IAM permissions to gain admin-level access
● Exploit SSRF in EC2 to steal credentials
● Abuse misconfigured Cognito identity pools for unauthorized access
● Understand how small missteps can trigger large-scale compromise
● Use tools like Cloud Nuke to safely clean and reset your infrastructure
Built for all skill levels, this lab gives security engineers, DevOps teams, and developers a safe space to break things, fix them, and come out with a sharper eye for spotting these risks before attackers do.
Sumanth Vankineni is a cybersecurity enthusiast who enjoys exploring a little bit of everything : breaking things, understanding how they work, and figuring out how they can be improved. His interest lies in how systems fail and how they behave when pushed in unexpected ways. He brings a chess player’s mindset to security: curious, strategic, and always thinking a few moves ahead. His chess rule is his security rule: if it looks like a trap, it probably is, so don’t click it!
Bhagavan Bollina is a passionate security researcher who loves building and breaking things in the cloud. Parallelly he also dabbles in web, network and mobile security. When not building and breaking stuff in the cloud, he enjoys bug bounty submissions with over 200+ across crowd source platforms. He loves training
his dog as well in his spare time, but the dog weirdly seems to not like Bug Bounty.