New cloud security research! We found a method to bypass CloudTrail logging for both read AND write API actions in AWS Service Catalog! In addition, we also reported an issue with a lack of CloudTrail logging in AWS Control Tower. securitylabs.datadoghq.com/articles/bypas…

Attack path simulation coming to your nearest GCP! And now that SCC is more affordable, everyone should be testing this new feature #gcp #cloudsecurity cloud.google.com/blog/products/…

Zoom having an outage due to a misconfigured SCP. Classic👌

📣 Cado Labs researchers recently encountered an emerging Python-based credential harvester and hacktool, named Legion, aimed at exploiting various services for the purpose of email abuse. Full analysis here: cadosecurity.com/legion-an-aws-… #threatintelligence #threatresearch #cyber

Great insight into an #aws ransomware event from Invictus Incident Response most recent blog invictus-ir.medium.com/ransomware-in-…

Ever wanted to hire someone to hack you? This Google cloud blog walks through how red teams can benefit companies #gcp #mandiant #hacking cloud.google.com/blog/transform…

One final fwd:cloudsec appreciation post: It was legitimately the best con I have ever attended. Hands down. Gathering some of the brightest minds in the cloud security community for two days of AMAZING talks. I had never been in person before and now I will never miss it.

We've just released our AWS CloudTrail Cheat sheet, blog post: invictus-ir.medium.com/aws-cloudtrail… Link to cheat sheet: github.com/invictus-ir/aw… In this thread our Top 5 Events from CloudTrail for Incident Response! 🧵

Spotify released how they analyze volatile memory in Google Kubernetes Engine. Love the details! #secops #containers #forensics engineering.atspotify.com/2023/06/analyz…

Unfortunately Orca Security got their terminology wrong in their report by calling the cloud build SA , a ‘Default SA’, then I PERPETUATED it! - apologies. There are only 2 default SAs. The compute and app engine SA. The Cloud Build SA is not a default SA, it is a P4 SA. 1/3

I am excited to announce that my colleague Jay Chen and I got accepted to Black Hat SecTor!! blackhat.com/sector/2023/br…

Google’s Threat Horizon report, out now! services.google.com/fh/files/blogs…

If you are at #SecTor today, come check out my talk on real world cloud attacks! #cloud #blackhat blackhat.com/sector/2023/br…

Ever wonder how attackers breach the cloud? Jay Chen and Noah McDonald will walk through common cloud attack vectors and a real breach incident in this #sectorca presentation, starting at 2:45 in 714AB. buff.ly/3tuDMxt

85% of organizations have hard-coded credentials in VMs, say Jay Chen and Noah MacDonald. Their talk on cloud oversight is ongoing at #sectorca in 714AB. buff.ly/3tuDMxt

We just heard all about how upset gamers compromised the cloud with SIM-Swap, thanks to Jay Chen and Noah McDonald at #sectorca. They're wrapping up now in 714AB. buff.ly/3tuDMxt

We've lined up a venue for fwd:cloudsec 2024! Mark your calendars for June 17-18 in Arlington, VA. Ticket sales and CFP will open in early January. For those interested in sponsoring, we'll have a prospectus in the next few weeks. Email [email protected] if interested.

#Google #GCP attack matrix #TrustEverybodyButCutTheCards Courtesy of: Noah McDonald medium.com/google-cloud/g…

☁️ Google Cloud Incident Response Cheat Sheet * Overview of IR in GCP * Logs for threat hunting and incident response * Log analysis * Service accounts * GCP attack matrix By Noah McDonald #cybersecurity #infosec medium.com/google-cloud/g…

I was recently pointed to some #fresh GCP documentation from Noah McDonald For your reading pleasure is a complete list of P4SAs (per-project-per-product) Service Accounts and their default roles 📯 cloud.google.com/iam/docs/servi…