πŸš€ New Talk Confirmed for BSides Luxembourg 2026!

Leaky API Keys, Log Tampering, and Account Takeover – Aleksa Zatezalo

Modern cloud systems are highly secure in isolation, but real-world risk emerges at the seams β€” where services integrate. This talk explores how seemingly minor misconfigurations in logging pipelines, API integrations, and third-party services can quietly escalate into high-impact security breaches.

Through three real-world inspired vulnerability scenarios, the session demonstrates how leaked API keys from client-side logs, misconfigured S3 uploads, and insecure integrations (such as Supabase and financial data pipelines) can be chained into account takeover paths. The focus is on understanding the underlying anti-patterns rather than isolated bugs.

Attendees will leave with a structured framework to identify these cross-service weaknesses and practical remediation strategies that go beyond patching symptoms β€” targeting the architectural root causes that enable entire classes of exploitation.

Aleksa Zatezalo is a security engineer and software developer with experience in cloud security consulting, offensive security tooling, and contributions to Metasploit. He currently works at Praetorian and is OSCP-certified, pursuing OSCE3, with a strong focus on applied offensive security research.

πŸ“… Conference Dates: 6–8 May 2026 | 09:00–18:00
πŸ“ 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
πŸ“… Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/

πŸ“± Want an easy way to follow the schedule?
Use Hacker Tracker: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #CloudSecurity #APIKeys #AccountTakeover #DevSecOps #CyberSecurity