Armend Gashi

Managing Security Consultant at Sentry Cybersecurity

SPEAKER BIO

He specializes in finding vulnerabilities in web and mobile applications using contemporary cloud technologies such as AWS, Azure, and GCP. Armend has participated in and led numerous engagements to uncover critical security flaws in some of the world’s most popular software, their cloud infrastructures, external and internal networks, and mobile applications.

Furthermore, Armend played a pivotal role in leading various research initiatives, culminating in the discovery of six security vulnerabilities in NextCloud. Several of these detected vulnerabilities posed significant risks, including the potential for attackers to execute arbitrary commands on NextCloud systems and to compromise user accounts.

Armend is a big fan of heavy metal music and is an active community member in the Prishtina cybersecurity scene.

DISCUSSION TOPIC

Unlocking the Vault: Security Insights into Modern Authentication Protocols

This presentation delves into the vulnerabilities inherent in modern authentication mechanisms such as Cognito, OAuth, SAML, and JWT, crucial components in securing access to online services. By examining both common, non-common weaknesses and real-world exploits, it offers a roadmap for penetration testers to identify and mitigate risks effectively.

Through detailed analysis and case studies, attendees will gain insights into sophisticated exploitation techniques and best practices for securing authentication processes.