Staying Sharp in Cloud Security: Applying the Wiz Cloud Threat Landscape to my Toolkit

Marc Lopez
Published in Vets in DevOps
2 min read, Feb 5, 2024

In my cybersecurity journey, one practice has consistently served me well: a steady stream of learning fueled by curiosity. Recently, Wiz released their Cloud Threat Landscape database, and I’ve been delving into the incidents and tools used by threat actors. In this post, I’ll discuss the importance of regular research and ways to maximize the benefits from this crucial activity.

I’ll start by acknowledging that it’s perfectly normal to feel overwhelmed. For those new to reading about threat actors, the barrage of new tactics and terminology can be daunting. Yet, embracing that discomfort is the first step to expanding your domain knowledge. As I often remind myself, patience is key. There’s no shortcut. Taking the time to thoroughly understand each point, even if it means initially marking up almost everything, is part of the process. What follows is a journey down the rabbit hole of curiosity.

Here’s a specific approach I recently undertook. First, I bookmarked the Wiz site as a key cloud security resource. Unlike my past habit of bookmarking without revisiting, I was deliberate about what I saved, which is crucial. The Wiz database, with its comprehensive compilation, was a clear choice. I then selected a report to start with — “The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker” by Cado Security.

Having read numerous reports throughout my career, I now find them almost entertaining. The initial friction of unfamiliar terms has faded, allowing me to concentrate on the tactics and any code snippets. I often end up brainstorming controls or signatures that could have detected the described activities.

For instance, while going through the report, I considered how auditing key file attributes of /etc/passwd could trigger an alert during the actor’s script execution. Then, I naturally transition into role-playing scenarios where I discuss threat mitigation with engineers and leadership. I draw personas from podcasts or LinkedIn posts, engaging with the cybersecurity community’s discourse.
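To make the /etc/passwd idea above concrete, here is an added example (mine, not from the post or the Cado report) of the detection side: it assumes a hypothetical auditd watch rule `-w /etc/passwd -p wa -k passwd_watch` is installed, then scans constructed audit records and flags changes made by programs an admin would not normally use, or by a process with no login session.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumed auditd rule (hypothetical deployment, not from the post):
#   -w /etc/passwd -p wa -k passwd_watch
# With it in place, write (w) and attribute (a) changes to /etc/passwd
# produce SYSCALL records tagged key="passwd_watch".
WATCH_KEY = "passwd_watch"

# Programs an admin plausibly uses to change /etc/passwd; anything else
# touching the file deserves a look. Tune this list per environment.
ALLOWED_EXES = {"/usr/sbin/vipw", "/usr/sbin/useradd", "/usr/sbin/usermod",
                "/usr/sbin/userdel", "/usr/bin/passwd", "/usr/sbin/chpasswd"}

# Constructed sample audit lines (synthetic, not captured from a real host).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1707148800.101:5001): arch=c000003e syscall=257 success=yes exit=3 ppid=1 pid=2001 auid=1000 uid=0 comm="vipw" exe="/usr/sbin/vipw" key="passwd_watch"
type=SYSCALL msg=audit(1707148800.102:5002): arch=c000003e syscall=90 success=yes exit=0 ppid=2100 pid=2101 auid=4294967295 uid=0 comm="chmod" exe="/usr/bin/chmod" key="passwd_watch"
type=SYSCALL msg=audit(1707148800.103:5003): arch=c000003e syscall=257 success=yes exit=4 ppid=2100 pid=2102 auid=4294967295 uid=0 comm="sh" exe="/usr/bin/dash" key="passwd_watch"
type=SYSCALL msg=audit(1707148800.104:5004): arch=c000003e syscall=257 success=yes exit=3 ppid=1500 pid=1501 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="other_watch"
"""

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line: str) -> dict:
    """Split one audit record into key/value pairs; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}

@dataclass(frozen=True)
class Alert:
    serial: str   # audit event serial, e.g. "5002"
    exe: str
    comm: str
    auid: str
    reason: str

def find_passwd_alerts(log: str) -> list[Alert]:
    """Return an Alert for each /etc/passwd change that looks unattended or unexpected."""
    alerts = []
    for line in log.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("key") != WATCH_KEY:
            continue
        serial = rec["msg"].split(":")[1].rstrip(")")
        exe, comm, auid = rec.get("exe", "?"), rec.get("comm", "?"), rec.get("auid", "?")
        if exe not in ALLOWED_EXES:
            alerts.append(Alert(serial, exe, comm, auid, "unexpected program modified /etc/passwd"))
        elif auid == "4294967295":  # auid unset: cron, container entrypoint, dropped script
            alerts.append(Alert(serial, exe, comm, auid, "allowed program but no login session"))
    return alerts

if __name__ == "__main__":
    for a in find_passwd_alerts(SAMPLE_AUDIT_LOG):
        print(a)
```

On the sample data the vipw edit by a logged-in admin passes, while the chmod and the shell-driven write with no login session are flagged; in production the same logic would run over `ausearch -k passwd_watch` output.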

Finally, I put on my attacker hat and ponder: If I were reading this, how would I adapt the campaign and TTPs to evade detection? This thought exercise not only hones my hacker mindset but also drives me deeper into the technical nuances of the threat actors’ TTPs.

And there you have it — my method for leveraging resources like the Wiz Cloud Threat Landscape database to stay sharp in cybersecurity. Have you explored the Cloud Threat Landscape? How do you utilize such resources? Share your thoughts in a comment below. Thanks for reading.


Exploring cloud security depths through continuous learning and innovation. Sharing insights, challenges, and breakthroughs on my journey.