Seth Art (@sethsec) 's Twitter Profile
Seth Art

@sethsec

Cloud Security Research and Advocacy @Datadoghq. Previous: Cloud Penetration Testing lead @BishopFox. Also on Mastodon infosec.exchange/@sethsec

ID: 156270728

linkhttp://sethsec.blogspot.com calendar_today16-06-2010 13:37:02

1,1K Tweet

1,1K Takipçi

375 Takip Edilen

Nick Frichette (@frichette_n) 's Twitter Profile Photo

Great blog post from Permiso Security on LLMHijacking attacks against AWS Bedrock. I remember when we first started seeing this behavior from threat actors and I couldn't figure out why they would target Bedrock. Well, I guess we have on answer. 🧵 permiso.io/blog/exploitin…

Seth Art (@sethsec) 's Twitter Profile Photo

This is a killer talk! If you have not seen it yet, make some time to watch Nick explain some really cool initial access techniques he found in a super approachable way!

Seth Art (@sethsec) 's Twitter Profile Photo

I had such a great time speaking about Cloud Security at Bsides Orlando! I saw some great talks, made some new friends, and got to hang with old ones. A huge thank you to all of the volunteers that made this epic event possible!

I had such a great time speaking about Cloud Security at <a href="/BsidesORL/">Bsides Orlando</a>! I saw some great talks, made some new friends, and got to hang with old ones. A huge thank you to all of the volunteers that made this epic event possible!
Christophe Tafani-Dereeper (@christophetd) 's Twitter Profile Photo

Excited to share some research I've been working on for the past few months, based on real-world data from thousands of environments using AWS, Azure and Google Cloud! datadoghq.com/state-of-cloud…

Daniel Bohannon (@danielhbohannon) 's Twitter Profile Photo

Mine & Sabi's #MaLDAPtive presentation from DEF CON is now posted on YouTube! LDAP obfuscation, deobfuscation & detection - all built on our 100% custom LDAP parser. Recording: youtube.com/watch?v=mKRS5I… Tool: github.com/MaLDAPtive/Inv… Permiso Security #LDAP #ClippyGotJokes

Clint Gibler (@clintgibler) 's Twitter Profile Photo

☁️ State of Cloud Security 2024 update of @Datadog’s report analyzing security posture data from a sample of thousands of orgs across AWS, Azure, and Google Cloud • Long-lived credentials continue to be a major risk. • Adoption of public access blocks in cloud storage

Lupin (@0xlupin) 's Twitter Profile Photo

🔗In this article we talk about how I exploited a Fortune 500 Through Hidden Supply Chain Links Link 👇 landh.tech/blog/20241028-… Thanks to the entire HashiCorp team ! 🤟 Enjoy 🔥

🔗In this article we talk about how I exploited a Fortune 500 Through Hidden Supply Chain Links 

Link 👇

landh.tech/blog/20241028-…

Thanks to the entire <a href="/HashiCorp/">HashiCorp</a> team ! 🤟

Enjoy 🔥
Christophe Tafani-Dereeper (@christophetd) 's Twitter Profile Photo

Fun with Google Cloud's default service accounts (and how to leverage them for offensive purposes) securitylabs.datadoghq.com/articles/googl…

Rami McCarthy (@ramimacisabird) 's Twitter Profile Photo

Excellent research here from Seth Art and crew - including responsible disclosure, AWS hardening enhancement, detection guidance, etc. 🤔 I did report a name confusion in SSM Documents impacting Datadog right before this was found... 😜

Terrance DeJesus (@_xdejesus) 's Twitter Profile Photo

whoAMI research by DataDog. I immediately thought about all the user-data scripts that me be attached to those launched EC2 instance images 🥶 Kudos to Seth Art for the discovery, research, and tool! #aws #cloudsecurity securitylabs.datadoghq.com/articles/whoam…

BleepingComputer (@bleepincomputer) 's Twitter Profile Photo

whoAMI attacks give hackers code execution on Amazon EC2 instances - Bill Toulas bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

AWS Cloud Security Weekly (@awscloudsec) 's Twitter Profile Photo

📣 Issue 84 is out. Highlights: - Amazon Inspector enhances the security engine for container images scanning. - AWS CloudTrail network activity events for VPC endpoints now generally available. - whoAMI: A cloud image name confusion attack by Seth Art. - Uncovering a Hidden