Cybersecurity — It’s All About Trust
Adan, Dec 30, 2023
Last year, I wrote about the importance of understanding risks in cybersecurity and the critical role of risk reduction. Recently, I’ve…

Discover New CloudTrail Logs on TrailDiscover, Powered by Grimoire!
Adan, Aug 25
On August 9th, Christophe from Datadog released Grimoire during the DEFCON Cloud Village talk titled “Catch Them All! Detection Engineering…

Automating Incident Response in AWS: Blocking a Compromised Identity Center User
Adan, Jun 3
When responding to incidents, especially in the cloud, every second matters as large parts of the attack might be automated. Because of…

Deterring Attackers with HoneyTrail: Deploying Deception in AWS
Adan, May 12
I’ve always been a big fan of deception and honeypots. Even my final degree project was about implementing a honeypot with active blocking…

What’s New in TrailDiscover: Integrating Permissions Information, Alerting, and Simulations
Adan, Apr 6
First and foremost, I want to say a big thank you to everyone who has taken the time to share, use, or comment on TrailDiscover. It’s been…

Introducing TrailDiscover: Simplifying Access to Security Insights about CloudTrail Events
Adan, Mar 3
I’m excited to announce the launch of TrailDiscover, a new initiative to gather CloudTrail events linked to security incidents or actions…

Enhancing AWS GuardDuty Alerts with GuardDutyInsightfulAlerts
Adan in AWS Tip, Dec 6, 2023
In my previous articles, I’ve explored various AWS services from an attacker’s viewpoint, discussing potential post-exploitation attacks…

Lambda Extensions: Exploring Misuse Scenarios and Stratus Red Team Module Development
Adan in AWS Tip, Nov 15, 2023
After investigating potential post-exploitation attacks against various AWS services such as CloudFront, AppSync, and ALB, this article…

Rigging the Rules: Manipulating AWS ALB to Mine Sensitive Data
Adan, Oct 24, 2023
In our ongoing exploration of post-exploitation attack vectors within AWS services, we’ve previously examined potential attacks against…

Distorting the Sync: How AWS AppSync Can Be Turned into an Attacker’s Backdoor
Adan, Oct 3, 2023
After my last article, where I explored unconventional methods attackers might employ to compromise an AWS account and get information from…