Daniel Grzelak (@dagrz)'s Twitter Profile
Daniel Grzelak

@dagrz

Super Serious Internet Guy™️
Founder of Milo Twitter. Peak Milo. At the intersection of cyber security, Milo, and stonks. Chief Innovation Officer @ Plerion.

ID: 121391248

Link: https://linktr.ee/dagrz
Joined: 09-03-2010 10:37:27

6.6K Tweets

2.2K Followers

1.1K Following

Plerion (@plerionhq):

Have you ever wondered what hackers know about your AWS account? It's a big leap to go from exposed cloud resource to hacked cloud resource if its identifier is not easy to guess.

Daniel Grzelak (@dagrz):

Shodan for AWS is here!! You know those side projects you never finish? Well I started this one in October 2021 and it's finally finished. Well it won't ever be done, but it's available for anyone to use. Enter an account ID into awseye.com and see what it can find

Clint Gibler (@clintgibler):

📚 tl;dr sec 258 🤖 Google's AI-powered Fuzzing Oliver Chang, Jonathan Metzman ☁️ What Hackers know about your AWS Account Daniel Grzelak 🔬 Finding vulns in EDR Neodyme ☁️ How to use AWS Resource Control Policies Scott Piper 🤖 Augmenting SAST with AI and more! tldrsec.com/p/tldr-sec-258

Rami McCarthy (@ramimacisabird):

I've spent dozens of hours reading State of Cloud Security reports

They use customer data to extract insights

And I've realized the findings substantially reflect how well that tool helps customers secure their clouds

I wrote up some examples, both good and bad (🔗 in 🧵)
Scott Piper (@0xdabbad00):

EC2s can have more than one IAM role, and there are more magic IPs on AWS for getting creds beyond 169.254.169.254. Learn more: wiz.io/blog/the-many-…

Daniel Grzelak (@dagrz):

I made a matchup luck calculator for ESPN H2H fantasy basketball leagues. Sometimes you play a really strong team and lose each category by a tiny bit, so your team looks terrible when you would have beaten every other team.

github.com/dagrz/nba-matc…

Josh Lloyd (@redrock_bball)
Plerion (@plerionhq):

Did you know an attacker can execute code on an AWS EC2 instance with just StartInstances, StopInstances, and ModifyInstanceAttribute permissions? Yep, full-blown remote code execution on the instance!
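The permission triple in the post works because user data can only be changed while an instance is stopped and is handed to cloud-init on the next boot of a stock AMI (the payload can also ask cloud-init to run user scripts on every boot rather than only the first): stop, rewrite user data with ModifyInstanceAttribute, start. The detector below is an added example for this page, not Plerion's code. It correlates that sequence per instance in CloudTrail records. The records are constructed samples in the CloudTrail JSON shape; the detector only reads eventName, eventTime, userIdentity.arn and the instance identifiers in requestParameters, and treats the userData value as opaque (it only needs to know that attribute was touched).

```python
"""Correlate StopInstances -> ModifyInstanceAttribute(userData) -> StartInstances in CloudTrail."""
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # the stop and the start must bracket the user-data change within this


def _ev(time, name, arn, params):
    """Build a constructed CloudTrail record carrying only the fields the detector reads."""
    return {"eventSource": "ec2.amazonaws.com", "eventTime": time, "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}


ATTACKER = "arn:aws:iam::123456789012:user/contractor"    # constructed
OPS = "arn:aws:sts::123456789012:assumed-role/ops/jane"    # constructed

SAMPLE_EVENTS = [
    # the sequence from the post, one principal, instance i-0aaa111
    _ev("2024-05-01T10:00:00Z", "StopInstances", ATTACKER,
        {"instancesSet": {"items": [{"instanceId": "i-0aaa111"}]}}),
    _ev("2024-05-01T10:02:00Z", "ModifyInstanceAttribute", ATTACKER,
        {"instanceId": "i-0aaa111", "userData": {"value": "<opaque>"}}),
    _ev("2024-05-01T10:05:00Z", "StartInstances", ATTACKER,
        {"instancesSet": {"items": [{"instanceId": "i-0aaa111"}]}}),
    # benign: a resize across a stop/start (the attribute changed is instanceType)
    _ev("2024-05-01T11:00:00Z", "StopInstances", OPS,
        {"instancesSet": {"items": [{"instanceId": "i-0bbb222"}]}}),
    _ev("2024-05-01T11:01:00Z", "ModifyInstanceAttribute", OPS,
        {"instanceId": "i-0bbb222", "instanceType": {"value": "t3.large"}}),
    _ev("2024-05-01T11:03:00Z", "StartInstances", OPS,
        {"instancesSet": {"items": [{"instanceId": "i-0bbb222"}]}}),
    # benign: user data edited on a long-stopped instance, no start within the window
    _ev("2024-05-02T09:00:00Z", "ModifyInstanceAttribute", OPS,
        {"instanceId": "i-0ccc333", "userData": {"value": "<opaque>"}}),
]


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _instance_ids(event):
    """StopInstances/StartInstances carry instancesSet.items[]; ModifyInstanceAttribute carries instanceId."""
    params = event.get("requestParameters") or {}
    if "instanceId" in params:
        return {params["instanceId"]}
    items = (params.get("instancesSet") or {}).get("items") or []
    return {i["instanceId"] for i in items if "instanceId" in i}


def _touches_user_data(event):
    params = event.get("requestParameters") or {}
    return "userData" in params or params.get("attribute") == "userData"


def find_user_data_rce(events, window=WINDOW):
    """One finding per instance whose user data was rewritten between a stop and a start."""
    by_instance = {}
    for event in sorted(events, key=_ts):
        if event.get("eventSource") != "ec2.amazonaws.com":
            continue
        for iid in _instance_ids(event):
            by_instance.setdefault(iid, []).append(event)

    findings = []
    for iid, seq in by_instance.items():
        for i, mod in enumerate(seq):
            if mod["eventName"] != "ModifyInstanceAttribute" or not _touches_user_data(mod):
                continue
            when = _ts(mod)
            # nearest stop before the change and nearest start after it, both inside the window
            stop = next((e for e in reversed(seq[:i])
                         if e["eventName"] == "StopInstances" and when - _ts(e) <= window), None)
            start = next((e for e in seq[i + 1:]
                          if e["eventName"] == "StartInstances" and _ts(e) - when <= window), None)
            if stop and start:
                actors = {stop["userIdentity"]["arn"], mod["userIdentity"]["arn"], start["userIdentity"]["arn"]}
                findings.append({
                    "instanceId": iid,
                    "principal": mod["userIdentity"]["arn"],
                    "same_principal": len(actors) == 1,
                    "stopped_at": stop["eventTime"],
                    "modified_at": mod["eventTime"],
                    "started_at": start["eventTime"],
                })
    return findings


if __name__ == "__main__":
    for f in find_user_data_rce(SAMPLE_EVENTS):
        print(f)
```

The window is the knob worth tuning: a legitimate resize also stops, modifies and starts, which is why the detector keys on the userData attribute specifically rather than on any ModifyInstanceAttribute between a stop and a start.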

Plerion (@plerionhq):

DynamoDB read operations like "GetItem", "Query", and "Scan" aren’t the only way to retrieve data. Some write operations can also return data, and if you're not careful, you might be leaking information without even realizing it. H/T Aidan W Steele
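The read-back in the post is the ReturnValues request parameter: PutItem and DeleteItem accept ALL_OLD and return the item that was overwritten or deleted, and UpdateItem accepts ALL_OLD, UPDATED_OLD, ALL_NEW and UPDATED_NEW, so an update that sets one attribute and asks for ALL_NEW gets every attribute of the item back. DynamoDB exposes the parameter as the IAM condition key dynamodb:ReturnValues, which is what makes it controllable in policy. The snippet below is an added example, not Plerion's or AWS's code: a deliberately small policy evaluator (Action/Resource globs and StringEquals conditions only; no NotAction, principal or resource policies) run over a constructed "write-only" policy and a hardened version that denies the returning variants. The table ARN and account ID are made up.

```python
"""Show that a 'write-only' DynamoDB policy still lets the caller read items back."""
import fnmatch

TABLE = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"   # constructed
WRITES = ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"]

# The policy as someone would write it to grant "write but not read".
WRITE_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": WRITES, "Resource": TABLE}],
}

# Same grant plus a Deny on the ReturnValues settings that hand item contents back.
# StringEquals does not match when the key is absent, so a plain write still works.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": WRITES, "Resource": TABLE},
        {"Effect": "Deny", "Action": WRITES, "Resource": TABLE,
         "Condition": {"StringEquals": {
             "dynamodb:ReturnValues": ["ALL_OLD", "UPDATED_OLD", "ALL_NEW", "UPDATED_NEW"]}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource, context):
    """Minimal matcher: Action/Resource globs and StringEquals conditions only."""
    if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", "*"))):
        return False
    for operator, keys in stmt.get("Condition", {}).items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} is not modelled in this example")
        for key, wanted in keys.items():
            if key not in context or context[key] not in _as_list(wanted):
                return False
    return True


def is_allowed(policy, action, context=None, resource=TABLE):
    """Explicit Deny beats Allow; no matching Allow is an implicit deny."""
    context = context or {}
    matched = [s for s in policy["Statement"] if _statement_matches(s, action, resource, context)]
    if any(s["Effect"] == "Deny" for s in matched):
        return False
    return any(s["Effect"] == "Allow" for s in matched)


# For each write call, a ReturnValues setting it accepts that returns item contents.
READ_BACK = [("dynamodb:PutItem", "ALL_OLD"),
             ("dynamodb:DeleteItem", "ALL_OLD"),
             ("dynamodb:UpdateItem", "ALL_NEW")]


def read_back_paths(policy):
    """Write calls this policy lets the caller use to read item contents."""
    return [f"{action} ReturnValues={rv}" for action, rv in READ_BACK
            if is_allowed(policy, action, {"dynamodb:ReturnValues": rv})]


if __name__ == "__main__":
    print("write-only policy leaks via:", read_back_paths(WRITE_ONLY_POLICY))
    print("hardened policy leaks via:  ", read_back_paths(HARDENED_POLICY))
```

The Deny lists the four returning values explicitly instead of using StringNotEquals against NONE, so it only fires when the caller actually asks for item contents and does not depend on whether a request that omits ReturnValues populates the key.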

Plerion (@plerionhq):

How do you turn an AWS access key into an account ID, without touching the API, even if it's long gone? It's super easy. So easy, I'll show you how in 2 minutes with this video anyone can follow.
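The offline decode the post refers to: the 16 characters after the AKIA or ASIA prefix are base32, and the account ID sits in bits 7 to 46 of the first six decoded bytes, so a deleted or expired key still yields its account because nothing is looked up. This is an added example, not the video's code, and the bit layout comes from published reverse engineering of the key format rather than AWS documentation, so treat it as an assumption; key IDs issued before AWS adopted this layout decode to a wrong number rather than an error. The key ID in the demo is constructed from the account ID 123456789012 with zero filler bytes and is not a real credential.

```python
"""Recover the AWS account ID encoded in an access key ID, with no API call."""
import base64
import os
import sys

# Assumed layout (from published reverse engineering, not AWS documentation):
# the 16 characters after the AKIA/ASIA prefix are base32; in the first six
# decoded bytes, bits 7..46 hold the account ID. Bit 47 and bits 0..6 are not
# part of it, hence the mask.
ACCOUNT_MASK = 0x7FFFFFFFFF80


def account_id_from_key_id(key_id: str) -> str:
    """Return the 12-digit account ID encoded in an AKIA/ASIA access key ID."""
    if len(key_id) != 20 or not key_id.startswith(("AKIA", "ASIA")):
        raise ValueError("expected a 20-character access key ID starting with AKIA or ASIA")
    raw = base64.b32decode(key_id[4:])           # 16 base32 characters -> 10 bytes
    value = int.from_bytes(raw[:6], "big")
    return f"{(value & ACCOUNT_MASK) >> 7:012d}"


def synthetic_key_id(account_id: str, prefix: str = "AKIA") -> str:
    """Inverse of the above, for tests: a key ID that encodes account_id.

    Not a usable credential; the trailing four bytes are random filler where a
    real key ID carries key-specific data."""
    if len(account_id) != 12 or not account_id.isdigit():
        raise ValueError("account IDs are 12 decimal digits")
    value = int(account_id) << 7                  # place the ID in the masked bit range
    raw = value.to_bytes(6, "big") + os.urandom(4)
    return prefix + base64.b32encode(raw).decode("ascii")


# Constructed from account 123456789012 with zero filler bytes; not a real key.
EXAMPLE_KEY_ID = "AKIABZPUZDIKAAAAAAAA"

if __name__ == "__main__":
    for key_id in sys.argv[1:] or [EXAMPLE_KEY_ID]:
        print(key_id, "->", account_id_from_key_id(key_id))
```

Run it with one or more key IDs as arguments; with none it decodes the constructed example. Because the account number is in the key ID itself, leaking only the key ID (with no secret) already tells a finder which account to go looking at.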

Daniel Grzelak (@dagrz):

I wrote some code and a guide to figure out who has access to your AWS production, through transitive trusts. It's always scary to figure this out but well worth it. plerion.com/blog/root-in-p…
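One way to do the transitive-trust walk the post describes, as an added example that is not the code from the linked post: a reverse breadth-first search from the production role over role trust policies, expanding an account-root principal into every principal known in that account. The role ARNs, account IDs and inventory are constructed. Assumptions: trust policies are the only edges considered (the assuming principal also needs sts:AssumeRole in its own identity policy, and conditions such as ExternalId or MFA are ignored), so the result is an upper bound on who can reach production, which is the right direction to err in for this question.

```python
"""Who can reach the production role through chained role trusts?"""
from collections import deque
import re

ROLE_RE = re.compile(r"^arn:aws:iam::\d{12}:role/")
ROOT_RE = re.compile(r"^arn:aws:iam::(\d{12}):root$")

PROD = "arn:aws:iam::111111111111:role/prod-admin"

# Constructed inventory: role ARN -> principals named in its trust policy.
TRUSTS = {
    PROD: [
        "arn:aws:iam::111111111111:role/deploy",
        "arn:aws:iam::222222222222:root",         # trusts the whole dev account
    ],
    "arn:aws:iam::111111111111:role/deploy": [
        "arn:aws:iam::333333333333:role/ci-runner",
    ],
    "arn:aws:iam::333333333333:role/ci-runner": [
        "arn:aws:iam::333333333333:user/jenkins",
        "ec2.amazonaws.com",                       # any instance carrying this role's profile
    ],
    "arn:aws:iam::222222222222:role/dev-sandbox": [
        "arn:aws:iam::222222222222:user/alice",
    ],
    "arn:aws:iam::444444444444:role/unrelated": [
        "arn:aws:iam::444444444444:user/bob",
    ],
}

# Constructed inventory: account -> IAM principals that exist in it. Needed to
# turn a ":root" trust into concrete principals.
INVENTORY = {
    "222222222222": ["arn:aws:iam::222222222222:role/dev-sandbox",
                     "arn:aws:iam::222222222222:user/alice"],
    "333333333333": ["arn:aws:iam::333333333333:role/ci-runner",
                     "arn:aws:iam::333333333333:user/jenkins"],
    "444444444444": ["arn:aws:iam::444444444444:role/unrelated",
                     "arn:aws:iam::444444444444:user/bob"],
}


def who_can_reach(target, trusts, inventory):
    """Reverse BFS from target. Returns {principal: [principal, ..., target]} with one
    shortest chain per principal (BFS discovers each node by a shortest path first)."""
    paths = {target: [target]}
    queue = deque([target])
    while queue:
        role = queue.popleft()
        for principal in trusts.get(role, []):
            candidates = [principal]
            root = ROOT_RE.match(principal)
            if root:   # account-root trust: every principal in that account qualifies
                candidates += inventory.get(root.group(1), [])
            for p in candidates:
                if p in paths:
                    continue
                via = [principal] if p != principal else []   # keep the root hop visible
                paths[p] = [p] + via + paths[role]
                if ROLE_RE.match(p):
                    queue.append(p)   # a role can in turn be assumed by further principals
    del paths[target]
    return paths


if __name__ == "__main__":
    for principal, chain in sorted(who_can_reach(PROD, TRUSTS, INVENTORY).items()):
        print(" -> ".join(chain))
```

The two findings this surfaces are the ones that are usually a surprise in practice: the root trust on the dev account means alice reaches prod in one hop without going through dev-sandbox at all, and the service principal on ci-runner means any EC2 instance launched with that profile is two assumes away from prod-admin.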

Daniel Grzelak (@dagrz):

Bad prioritization kills security teams. So I did some experiments to see if AI could help. If you think about it, prioritization is just sorting. So why not use sorting algorithms to prioritize? The LLM can be the comparison function. plerion.com/blog/automatic…

cje (@caseyjohnellis):

My maiden voyage interviewing with Patrick Gray (@riskybusiness) is live, and it's a fun one: HD Moore on why vuln scanners are awful and broken - Risky Business Media m.cje.io/45679XN

Enjoy!
Plerion (@plerionhq):

Just dropped a 🔥 conversation with a non-technical CISO. I learned so much from this guy! You don't have to be technical to be a CISO but if you make silly metrics your goal, you'll get silly results. Tag your favourite CISO.