Showing episodes and shows of Fwd:cloudsec

Shows

Modern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderToni de la Fuente of ProwlerRecorded live at fwd:cloudsec 2025, this episode of Modern Cyber features Toni de la Fuente, founder of Prowler, one of the most widely adopted open source cloud security tools. Toni joins Jeremy to reflect on nearly a decade of building in the cloud security space, sharing the origin story of Prowler, lessons from maintaining open source software, challenges in cloud forensics, and the evolving threat landscape. They also explore how AI, platform complexity, and compliance frameworks are shaping the next generation of cloud security. About Toni de la FuenteToni de la Fuente is the...2025-07-2535 minModern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderKyler Middleton & Sai GunaranjanIn this special episode recorded at fwd:cloudsec 2025 in Denver, Jeremy sits down with two cloud leaders from Veradigm: Kyler Middleton and Sai Gunaranjan. The duo shares insights from their joint talk on securing AI usage in enterprise platforms, highlighting real-world challenges around governance, model usage, data sovereignty, and developer enablement.With the health tech industry as a backdrop, they reflect on balancing innovation with control, managing AI risks, and fostering collaboration between platform engineering and governance teams. This episode is a timely and practical look at the realities of secure AI adoption in modern organizations.2025-07-1124 minfwd:cloudsecfwd:cloudsecDefenders hate it! Compromise vulnerable SaaS applications with this one weird trick (Eric Woodruff)https://youtu.be/rQxc9N4gBqASpeaker: Eric WoodruffThroughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. 
Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.Eric is a Microsoft MVP for security, recognized...2025-07-0249 minfwd:cloudsecfwd:cloudsecPutting Workload Identity to Work: Taking SPIFFE past day 0 (Dave Sudia)https://youtu.be/oHlPGzpFT_cSpeaker: Dave SudiaDave Sudia went from Platform Engineering to Product Engineering; in both roles he has had to stand up infrastructure in repeatable but constantly evolving architectures, taking into account usability, security, and scalability. He is the world's biggest fan of Infrastructure-as-Code. By day you'll find him enabling developers to do their best work and by night you'll find him hanging with his kid, whose hobbies are now Dave's hobbies.Talk:With the rise in popularity of open-source standards and tools like SPIFFE and SPIRE, it’s never been ea...2025-07-0225 minfwd:cloudsecfwd:cloudsecHappy Little Clouds: Painting Pictures with Microsoft Cloud and Identity Data (Matt Graeber)https://youtu.be/nwYzVTL8Y4YSpeaker: Matt GraeberMatt is a threat researcher focused on detecting Microsoft cloud and identity threats. Coining the term and establishing the strategy of "living off the land" in 2013 along with Chris Campbell, he has an extensive history of identifying ways to abuse native functionality in Microsoft products. Matt is dedicated to helping make defense accessible to all.Talk: You're tasked with detecting an Entra ID, Azure or Microsoft 365 attack technique. Where do you start? How do you identify what data sources are available to observe the technique? Of...2025-07-0244 minfwd:cloudsecfwd:cloudsecIntroducing GRC Engineering: A New Era of AWS Compliance (AJ Yawn)https://youtu.be/nEM7z266D6oSpeaker: AJ YawnAJ Yawn is an experienced cybersecurity leader specializing in cloud compliance, governance, risk, and compliance (GRC) engineering, with nearly 15 years of experience. 
AJ currently serves as Director of GRC Engineering at Aquia, leading innovative approaches to compliance automation and cloud security. He previously founded ByteChek, a compliance automation startup focused on SOC 2 and HIPAA, achieving over $1M in annual recurring revenue. AJ also served as a partner at Armanino LLP, a top 20 CPA Firm, spearheading product innovation in compliance and audit automation.As a dedicated...2025-07-0227 minfwd:cloudsecfwd:cloudsecStaying Sneaky in the Office (365) (Christian Philipov)https://youtu.be/l5lpIF_QZCESpeaker: Christian PhilipovChris is a principal security consultant and leads the specialist services within Reversec. As part of his day to day he leads the global team that deals with various different types of engagements of both a transactional and more bespoke nature. Chris specialises in Microsoft Azure predominantly with GCP and AWS as an additional background.Talk:Microsoft are getting better at closing out security gaps in well-known APIs and components of their platform. However, as shown across the different cloud service providers, these interconnected systems almost...2025-07-0225 minfwd:cloudsecfwd:cloudsecNot So Secret: The Hidden Risks of GitHub Actions Secrets (Amiran Alavidze)https://youtu.be/k3DBur7iEHMSpeaker: Amiran AlavidzeAmiran is a passionate product security professional with over 20 years of experience spanning systems engineering, security operations, GRC, and product and application security. 
As a security engineering leader, he champions a pragmatic, scalable approach to security - where collaboration between security, developer, and platform teams turns security into a business enabler rather than a bottleneck.With a deep understanding of evolving cloud architectures and modern development practices, Amiran focuses on helping organizations align security with velocity, ensuring defenses scale effectively in dynamic environments.An avid supporter...2025-07-0221 minfwd:cloudsecfwd:cloudsecTrust Issues: What Do All these JSON files actually mean? (David Kerber)Speaker: David KerberDave is an engineer and longtime AWS practitioner with a focus on IAM and AWS security tooling. He’s led product and engineering teams at startups and billion-dollar companies, raised millions from VCs, built two CSPMs, and now consults on AWS security for Fortune 500 companies. He maintains open-source projects in the AWS IAM space and is currently obsessed with perfecting his focaccia.Talk: As cloud security practitioners, we spend our days wrangling IAM policies—but for all the JSON we manage, it’s still surprisingly hard to answer basic questions like: “Who can access this S3 bucket?” or “What c...2025-07-0224 minfwd:cloudsecfwd:cloudsecInviter Threat: Managing Security in a new Cloud Deployment Model (Meg Ashby)https://youtu.be/ilnOvSV0QtYSpeaker: Meg AshbyMeg does cloud security for Alloy, a fintech in NYC. Previous to Alloy she worked at Marcus by Goldman Sachs, but that was way less fun. At Alloy, Meg does IAM, networking, data, and kubernetes security (and everything else related or tangentially-related to AWS & security). 
When detached from her computer, Meg dances and is part of a ballet performance group.Talk:Vendors are looking for ways to differentiate themselves in a crowded market and organizations are looking for solutions that are cheaper, faster, and easier for their...2025-07-0125 minfwd:cloudsecfwd:cloudsecI Didn’t Register for This: What’s Really in Google’s Artifact Registry? (Moshe Bernstein)https://youtu.be/hHe9cKfSfqISpeaker: Moshe BernsteinMoshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Cloud Security. With nearly a decade of experience in cybersecurity, Moshe has developed a strong focus on network and operational security, web vulnerability research, and cloud infrastructure security.Talk:We scanned all of the Google-owned container images you might be using on the Artifact Registry for vulnerabilities and secrets. You probably won't like what we found.2025-07-0124 minfwd:cloudsecfwd:cloudsecNo IP, No Problem: Exfiltrating Data Behind IAP (Ariel Kalman)https://youtu.be/g-XCNobgvaMSpeaker: Ariel KalmanAriel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. With a specialization in application security, Ariel excels in discovering new attack vectors associated to cloud environmentTalk:Google Cloud’s Identity-Aware Proxy (IAP) is often seen as the final gatekeeper for internal GCP services - but what happens when that gate quietly swings open? This session uncovers how subtle misconfigurations in IAP can lead to serious data exposure, even in environments with no public IPs, strict VPC Service Controls, and ha...2025-07-0121 minfwd:cloudsecfwd:cloudsecRebuilding ROADRecon for the Modern Entra Environment (Thomas Byrne)https://youtu.be/dTUeAhzmIu8Speaker: Thomas ByrneThomas is a security consultant at Reversec. He has experience in a range of areas including application, network and cloud security. 
He focuses his time mainly on Azure, DevOps and researching cloud specific vulnerabilities outside of work.Talk:In the ever-evolving landscape of cybersecurity, tools that help security professionals enumerate and understand their environments are invaluable. ROADRecon, an open-source tool designed to enumerate Azure AD (now Entra) environments, has been a staple for many. However, with the impending deprecation of the Azure AD Graph API, ROADRecon faces a...2025-07-0124 minfwd:cloudsecfwd:cloudsecInside Microsoft's Battle Against Cloud-Enabled Deepfake Threats (Alessandro Brucato)Speaker: Alessandro BrucatoAlessandro is a senior Threat Research Engineer at Sysdig, working on cloud security. His research mainly focuses on cloud threats and supply chain attacks. In addition to research, he’s keen on bug bounty programs and has received rewards from several large companies. Alessandro is also a contributor to Stratus Red Team, a tool to emulate offensive attack techniques in the cloud, and Falco, a graduated CNCF project.Talk:In December 2024, Microsoft’s Digital Crimes Unit (DCU) took legal action against LLMjacking threat actors, who developed tools designed to bypass the guardrails of generative AI services to crea...2025-07-0122 minfwd:cloudsecfwd:cloudsecPatience brings prey: lessons learned from a year of threat hunting in the cloud (Greg Foss)Speaker: Greg FossGreg Foss is a seasoned cybersecurity leader with over 15 years of experience spanning threat research, security operations, and offensive security. As the Engineering Manager of Threat Detection Engineering at Datadog, he leads a team of elite threat hunters and detection engineers, developing cutting-edge defenses against sophisticated cloud-native intrusions by nation-state and criminally motivated adversaries. 
His team transforms deep research and intelligence into actionable security insights, strengthening Datadog’s security platform.Speaker: Anthony RandazzoAnthony Randazzo leads the detection engineering function at Datadog on their cloud security platform. He has nearly 20 years of experience in security operations roles across Se...2025-07-0125 minfwd:cloudsecfwd:cloudsecECS-cape – Hijacking IAM Privileges in Amazon ECS (Naor Haziz)https://youtu.be/WXdB-9pTqAUSpeaker: Naor HazizNaor Haziz is a security researcher and low-level developer at Sweet Security with over seven years of experience in vulnerability research, exploit development, and system internals. He holds a degree in Computer Science and previously served as an officer in the IDF Intelligence Corps, leading a team focused on Windows and Linux security. At Sweet Security, he develops the company’s security sensor, designing and implementing high-performance detection capabilities for cloud environments. His work combines low-level development and cloud security research to improve monitoring, threat detection, and de...2025-07-0137 minfwd:cloudsecfwd:cloudsecThe Good, The Bad, and The Vulnerable: Breaking Down GCP Tenant Projects (Ofir Balassiano)https://youtu.be/WUO_-AgpcxsSpeaker: Ofir BalassianoOfir Balassiano leads AI and Cloud security posture research at Palo Alto Networks, uncovering critical vulnerabilities in GCP and Azure. With over a decade of experience in security, he has a proven track record of impactful research and innovative solutions. Prior to Palo Alto Networks, Ofir served as head of security at Dig Security, driving key security initiatives, and as a senior researcher at XM Cyber, where he specialized in Windows internals and EDR strategies. 
His career began in the IDF, where he led a team focused...2025-07-0120 minfwd:cloudsecfwd:cloudsecData Perimeter Implementation Strategies: It is one thing to know how to configure SCPs/RCPs, and another for your organization to implement them (Agnel Amodia)https://youtu.be/Pd6rbBjiXaASpeaker: Agnel AmodiaI’m Agnel Amodia, a Senior Technical Lead at Vanguard Group, specializing in Identity and Access Management. With over 15 years of experience, including 7 years in cloud security, I design enterprise-grade security systems for AWS cloud databases. Previously, I worked as a system programmer and researcher in India, building Neural Network Machine Learning-based software for the National Crime Records Bureau. I’m also a passionate security researcher who loves finding loopholes and crafting solutions. For me, security isn’t just work — it’s a passion I truly enjoy.Talk: Data...2025-07-0123 minfwd:cloudsecfwd:cloudsecIAM Roles Anywhere – now for everyone with Let's Encrypt (Dhruv AHUJA)https://youtu.be/M1hXUcBMf1QSpeaker: Dhruv AHUJADhruv is a former SRE and founded Chaser Systems in 2020. He's mostly Wiresharking, tinkering with PKI or tuning stacks as he once did in the low-latency world of financial data, only this time for network security. He is also a Rust programmer, cares deeply about developer experience, dabbles in cryptography and holds a master's degree in Advanced Software Engineering from King's College London. He's always 5 years of practice away from being able to play Chopin on the piano – an accomplishment that will surely coincide with IPv6 ov...2025-07-0119 minfwd:cloudsecfwd:cloudsecBeyond the Big Three: Mastering Oracle Cloud Security in a Multi-Cloud World (Dani Kaganovitch)Speaker: Dani KaganovitchDani Kaganovitch is a Product Manager at RockSteady, a stealth cloud security startup. 
Before that, Dani worked at Google Cloud and Oracle Cloud, helping customers navigate various cloud use cases at scale in areas of core infrastructure workloads, FinOps, and observability. Through working with hundreds of organizations of different sizes, Dani organized and presented technical workshops at conferences, which led to becoming an advocate for effectively and efficiently solving real-world multi-cloud security challenges. Now, Dani focuses on ensuring customers’ environments are secure by design through the application of security policies that are practical, enforceable, and don’t brea...2025-07-0121 minfwd:cloudsecfwd:cloudsecSecuring Remote MCP Servers (Jake Berkowsky)https://youtu.be/9-e4VVPlWB8Speaker: Jake BerkowskyJake is a Principal Architect heading Snowflake's Cybersecurity Data Cloud. At Snowflake, Jake's mission is to evangelize and enable the implementation of modern security analytics and engineering. Prior to joining Snowflake, Jake has had a diverse background of technical and leadership roles having most recently served as Co-Founder and CTO of a Cloud Consulting and Data Intelligence company. He regularly maintains his experience and interests in the areas of cloud, devops and development and is an active outdoorsman and nature enthusiast.Talk:Once again...2025-07-0124 minfwd:cloudsecfwd:cloudsecwhoAMI: Discovering and exploiting a large-scale AMI name confusion attack (Seth Art)Speaker: Seth ArtSeth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool, CloudFox.Talk:It’s not every day you stumble upon a technique that enables remote code execution (RCE) in thousands of AWS accounts at once—but that’s exactly what happened with the whoAMI attack. 
By researching a known misconfiguration through a new lens, we discovered how to gai...2025-07-0138 minfwd:cloudsecfwd:cloudsecDetecting the Undetectable: Threat Hunting in Appliance Environments (Shahar Dorfman & Sagi Tzadik)https://www.youtube.com/watch?v=1rfB0Pb0t2oSpeaker: Shahar DorfmanShahar is a threat hunting researcher at Wiz, where she focuses on identifying and analyzing emerging cyber threats to enhance security defenses.Speaker: Sagi TzadikSagi Tzadik is a security researcher on the Wiz Research team. His expertise lies in identifying and exploiting vulnerabilities in web applications, as well as in network security and protocols. He has been recognized for his work and was featured on the MSRC Top Security Researcher Leaderboard.2025-07-0121 minfwd:cloudsecfwd:cloudsecWelcome Talk by Aaron Zollmanhttps://www.youtube.com/watch?v=p8PZiqXoVTcAn introduction to fwd:cloudsec North America 2025 by Aaron Zollman2025-07-0108 minCloud Security PodcastCloud Security PodcastHow Attackers Stay Hidden Inside Your Azure CloudIn this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected.Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders.The 3 common ways attackers stay stealthy in AzureWhy read-only enumeration activity often isn’t loggedWhat detection is possible and how to improve itHow conditional access and logging configuration can help defendersWhy understanding Microsoft Graph matters for security ops...2025-04-1035 minSecurity Weekly Podcast Network (Audio)Security Weekly Podcast Network (Audio)Soft skills for engineers - Evgeniy Kharam, Paul Nguyen - ESW #401When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. 
For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and...2025-04-072h 03Enterprise Security Weekly (Video)Enterprise Security Weekly (Video)How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how...2025-04-0743 minEnterprise Security Weekly (Audio)Enterprise Security Weekly (Audio)Soft skills for engineers - Evgeniy Kharam, Paul Nguyen - ESW #401When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. 
Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and...2025-04-072h 03Tech TalkTech TalkNavigating The Complexities Of AI. How To Embrace It?As organisations begin to rely more on AI-driven solutions and cloud infrastructure, they also face challenges in implementation, security, and regulation. How can businesses navigate these complexities while staying ahead of technological advancements? Joining us today is Adriana Kamelia, Co-Founder of CloudSec LLC, and an experienced AI and emerging technologies professional. Having worked with Fortune 500 companies and trained thousands of professionals in AI and automation, Adriana brings insights into digital transformation, cloud security, and the future of AI adoption. In this episode of Tech Talk, we discuss the evolving role of...2025-03-1936 minScreaming in the CloudScreaming in the CloudReplay - Hacking AWS in Good Faith with Nick FrichetteOn this Screaming in the Cloud Replay, we’re taking you back to our chat with Nick Frichette. He’s the maintainer of hackingthe.cloud, and holds security and solutions architect AWS certifications, and in his spare time, he conducts vulnerability research at Hacking the Cloud. Join Corey and Nick as they talk about the various kinds of cloud security researchers and touch upon offensive security, why Nick decided to create Hacking the Cloud, how AWS lets security researchers conduct penetration testing in good faith, some of the more interesting AWS exploits Nick has discovered, how it’s fun to pla...2024-12-2632 minTech Talks by Lawrence HarveyTech Talks by Lawrence HarveyCracking the Code: DevSecOps in ActionIn this episode, we dive into the practicality of DevSecOps, uncovering this buzzword to understand how it transforms securing the software development process. 
We also explore the nuances that differentiate CloudSec from DevSecOps, shedding light on their distinct roles in safeguarding digital assets. Additionally, we discuss how to structure an organization that embraces security culture, gaining buy-in from both technical and non-technical stakeholders. Tune in to discover the essential principles and practices that can help your organization prioritize security while maintaining efficiency and innovation. Guest: Larry Lidz, CISO, Cisco CX Cloud2024-12-0340 mincloudonautcloudonaut#092 The Cloud Control API came a long wayAndreas and Michael discuss how to leverage the Cloud Control API to overcome missing resources in Terraform. Andreas and Michael Wittig are building on AWS since 2009. Follow their journey of developing products like bucketAV, marbot, and HyperEnv and learn from practice. Links Review: Amazon GuardDuty Malware Protection for S3 Are you missing an AWS resource in Terraform? Try awscc provider! Vector - A lightweight, ultra-fast tool for building observability pipelines fwd:cloudsec Europe - Cloud-Conscious Tactics, Techniques, and Procedures (TTPs) fwd:cloudsec Europe - Who Watches the...2024-10-1135 minCloud Security PodcastCloud Security PodcastThe Role of Cloud Security Research in 2024Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data. 
Guest Socials: Scott's Linkedin + Scott's Twitter Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp 2024-10-0235 minModern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderRojan Rijal of Ophion & Jonathan Walker of SecurityRunnersIn this episode of Modern Cyber, Jeremy sits down with two cybersecurity experts—Jonathan Walker, founder of Security Runners, and Rojan Rijal, founder of Ophion Security—live from fwd:cloudsec 2024. The trio discusses the importance of scanning in red teaming, managing attack surfaces, and how to handle large-scale cloud environments. They dive into the challenges of asset inventory, scaling security efforts, and the need for empathy when working with development teams on vulnerability remediation. Jonathan and Rojan also share insights from their latest projects, including open-source tools and live security exercises. This episode is packed with practical advice for orga...2024-09-1225 minCloud Security PodcastCloud Security PodcastState of Cloud Security - Practitioner EditionIn this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. 
With perspectives ranging from seasoned veterans to emerging voices this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security everyday. We are very grateful to our panelist who took part in 1st of its kind edition for the State of Cloud Security - Meg Ashby, Damien Burks, Ch...2024-09-0456 minModern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderZack Glick of Zatik SecurityIn this episode of Modern Cyber, Jeremy Snyder speaks with Zack Glick, founder of Zatik Security, live from fwd:cloudsec 2024. Zack shares insights from his extensive experience in cloud incident response, including his time at AWS, where he handled major incidents like Heartbleed and Log4j. He discusses the importance of maintaining calm during high-pressure situations and the unique challenges of managing cloud-based incidents, emphasizing the role of the incident commander over the technical responder. The conversation also touches on Zack's transition to founding Zatik Security, a company offering fractional application security services tailored for small businesses, and the...2024-08-2922 minModern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderMarina Segal of TamnoonIn this episode of Modern Cyber, Jeremy catches up with Marina Segal of Tamnoon at fwd:cloudsec 2024. Across the course of the conversation, the pair discuss Marina's long career in cloud security, the evolution of the threat landscape and the increasingly complex alphabet soup of security solutions in the market. Covering the challenges of managing misconfigurations, the importance of prioritizing risks, and the debate around automated remediation, Marina also offers valuable insights into striking the right balance between technology and human intervention in cloud security operations. 
This episode is packed with practical advice for security professionals aiming to navigate...2024-08-0823 minCloud Security PodcastCloud Security PodcastState of Cloud Security 2024 - Leadership EditionLeadership Insights on Cloud Security in 2024. Ashish sat down with return guest Srinath Kuruvadi, a seasoned cloud security leader with over two decades of experience in the field. Together, they explored the current state and future of cloud security, discussing the importance of detection & incident response teams, building and maintaining a robust cloud security program, understanding the importance of stakeholder management, and the role of data security in mitigating risks. Srinath shared his perspective on the evolution of cloud security, the critical need for a prevention-first mindset while tackling the challenges of managing security in a multi-cloud environment 2024-08-0625 minModern Cyber with Jeremy SnyderModern Cyber with Jeremy SnyderNoah McDonald of Google CloudIn this episode of Modern Cyber, Jeremy meets with Noah McDonald from Google Cloud to talk about the intricacies and best practices of incident response in cloud environments. Noah shares valuable insights into identifying and mitigating cyber threats, the importance of understanding your environment's architecture, and the critical role of logging and threat modeling. The discussion covers the challenges of responding to breaches, the process of forensic analysis, and the importance of timely and transparent communication with clients. Filmed live at fwd:cloudsec 2024 in Arlington, Virginia, this is an episode you don't want to miss. About Noah...2024-07-3032 minTux FlashTux FlashOh, the ones with the total outage. No, no, we are Cloudsec.Hauke and Micha once again take a few detours before getting to spam emails, the Crowdstrike incident and Linux Mint 22. 
2024-07-261h 34Absolute AppSecAbsolute AppSecEpisode 252 w/ Rami McCarthy - Security Startups, JobsProduct Security and Cloud security guru Rami McCarthy (@ramimacisabird on X) comes on the Absolute AppSec podcast with Ken and Seth (@cktricky and @sethlaw)! To get to know Rami, you should first check out his website here to get acquainted with some of his latest prodigious activities: https://ramimac.me/. He’s recently delivered a talk regarding zero-touch prod at Fwd:CloudSec and finished a stint as a Security Engineer at Figma. For folks interested in questions of security consulting, management, AWS and cloud security as well as many of the other large questions in infosec, Rami is always a gr...2024-07-1600 minCyberBytes: The PodcastCyberBytes: The PodcastCyberBytes: RSA 2024 Edition: Upwind with Amiram ShacharToday’s guest is Amiram Shachar, Co-Founder & CEO @ Upwind a Cloud Security Platform focused on Runtime Security.Before founding Upwind around 18 months ago, Amiram successfully built and sold Spot.io despite investor concern.In this episode, Amiram and I cover: Amiram’s background starting in the Israeli military Learnings from the success of his first saleThe problem Upwind is trying to solve What is Runtime Security The future for Upwind Future trends in the CloudSec space#Cyberbytes #Upwind #CloudSecAmiram’...2024-06-2114 minIdentity at the CenterIdentity at the Center#276 - CloudSec with Kat Traxler of TrustOnCloudIn this thought-provoking episode of Identity at the Center, hosts Jim McDonald and Jeff Steadman engage in a candid conversation with security researcher Kat Traxler from TrustOnCloud. They delve into the intricacies of cloud identity management, discussing the unique challenges and strategies for securing assets in cloud environments like GCP and AWS. Kat sheds light on the importance of understanding the resource hierarchy in GCP and the nuances that differentiate it from AWS. 
The trio also explores the evolution of IAM tools and their applicability in the cloud, the debate between least privilege and zero standing privilege, and the...2024-04-221h 02Cyber SutraCyber Sutra#17 Roadmap for learning CloudSec for IaaS, PaaS and SaaSBasics for learning CloudSec for IaaS, PaaS and SaaS.2024-02-1922 minCyber Sit-downCyber Sit-downS2 Ep3: Cracking the Code: DevSecOps in ActionIn this episode, we dive into the practicality of DevSecOps, uncovering this buzzword to understand how it transforms securing the software development process. We also explore the nuances that differentiate CloudSec from DevSecOps, shedding light on their distinct roles in safeguarding digital assets. Additionally, we discuss how to structure an organization that embraces security culture, gaining buy-in from both technical and non-technical stakeholders. Tune in to discover the essential principles and practices that can help your organization prioritize security while maintaining efficiency and innovation. Guest: Larry Lidz, CISO, Cisco CX Cloud To speak to Jason, please email...2024-02-1540 minKBKASTKBKASTEpisode 239 Deep Dive: James Campbell | Cloud Security Complexity and the Role of Automation in Digital ForensicsIn this episode, we are joined by James Campbell (CEO and Co-Founder of Cado Security) as we explore modern digital forensics and the complexity of the cloud. They discuss the transition from on-premise to cloud operations, the unique risks associated with ephemeral cloud infrastructure, and the growing need for automation in digital forensics to streamline routine tasks and enable security professionals to focus on advanced problem-solving. Join us as we unravel the intricacies of cloud security, automation in digital forensics, and the continuous learning and adaptation necessary to stay ahead in the rapidly evolving industry. 
With over 15...
2024-01-31, 36 min

Cloud Security Podcast
Build an Effective AWS Cloud Security Program in 2024
How can you build a robust cloud security program in AWS, particularly as a startup and small to medium-sized businesses navigating AWS in 2024? We spoke to Chris Farris, who is the event chair for fwd:cloudsec, a known cloud security expert and one of the first AWS Heroes for security. Chris shared his insights on how to build a security strategy that is both practical and effective in today's dynamic cloud environment. From discussing the importance of AWS organizations and Identity Centre to breaking down the complexities of cloud security posture management. You will hear actionable advice...
2024-01-05, 48 min

Resilient Cyber
S5E7: Darwin Salazar - Data, Detections & the Cybersecurity Market
Nikki - Can you tell us a little bit about what interested you in cloud security in the first place? I know you have a particular interest in misconfigurations - was there a singular event that spurred your interest?
Chris - What are your thoughts around Guardrails in the cloud and using things such as event based detections?
Chris - You interestingly took a Product role, but have a Detection and CloudSec background. How has the Product role been and do you think having the practitioner background helps you be a more effective Product Manager an...
2023-11-14, 29 min

Crying Out Cloud
#10 - fwd:cloudsec With Special Guest Scott Piper
fwd:cloudsec event highlights podcast special - Featuring our special wizard guest Scott Piper, who is also the co-founder of fwd:cloudsec! A non-profit conference on cloud security that discusses all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and more!
fwd:cloudsec 2023 videos: https://www.youtube.com/playlist?list=PLCPCP1pNWD7MR1SwekwbZls9TGzqo_LHx
2023-09-19, 29 min

Resilient Cyber
S5E2: Scott Piper - Modern Cloud Security and Resilience
Chris: First off, you've been knee deep in CloudSec for several years now, watching trends, incidents and the industry evolve. Where do you think we've made the most headway, and where do you think we still have the largest gaps to close?
Nikki: I'm really interested in multi-cloud environments and security - because of the connectivity potential between separate cloud providers. What do you think organizations should be most concerned with when looking at using multiple cloud providers?
Chris: You recently contributed to a report with the Atlantic Council about the systemic risks of Cloud a...
2023-09-08, 41 min

PODCAFÉ TECH
Brothers at Work: Renovating Your Cybersecurity
Time to train your cybersecurity and take the podium in data protection! 🏅 Have you ever considered that employees are the main source of data leaks inside a company? It is time to strengthen awareness and cybersecurity. We chatted with Moisés Margotto and Rodrigo Pace to learn more about how to make a company's internal environment even more secure. Find out how you can start protecting yourself from this headache. Grab your coffee and hit play...
2023-07-11, 1h 02

Screaming in the Cloud
Navigating Continuous Change in Cloud Security with Brandon Sherman
Brandon Sherman, Cloud Security Engineer at Temporal Technologies Inc., joins Corey on Screaming in the Cloud to discuss his experiences at recent cloud conferences and the ongoing changes in cloud computing. Brandon shares why he enjoyed fwd:cloudsec more than this year’s re:Inforce, and how he’s seen AWS events evolve over the years. Brandon and Corey also discuss how the cloud has matured and why Brandon feels ongoing change can be expected to be the continuing state of cloud.
Brandon also shares insights on how his perspective on Google Cloud has changed, and why he’s excite...
2023-07-11, 34 min

Cloud Security Podcast
So You WANT TO DO Google Cloud Threat Detection - Start here!
Cloud Security Podcast - Cybersecurity Threat hunting explained for Google Cloud. Day Johnson is a threat detection engineer and in this episode of Cloud security for Google Cloud security we spoke about how to start doing threat detection in Google Cloud, the common threats and attack vectors in GCP.
Episode YouTube Video - https://youtu.be/FCVG7-lFu0Q
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Day Johnson's Linkedin (Day - Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check...
2023-07-11, 39 min

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
ISC StormCast for Monday, July 10th, 2023
DSSuite Didier Toolbox Docker Image Update https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
2023-07-10, 04 min

SANS Stormcast: Daily Cyber Security News
ISC StormCast for Monday, July 10th, 2023
DSSuite Didier Toolbox Docker Image Update https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
2023-07-10, 04 min

SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Monday July 10th, 2023
DSSuite Update; New MoveIT Flaw; Nexus 9000 Flaw;
DSSuite Didier Toolbox Docker Image Update https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
keywords: nexus; 9000; encryption; moveit; sql injection; sqli; dssuite
2023-07-10, 04 min

Cyber Morning Call
Cyber Morning Call - #349 - 07/07/2023
[Episode References]
- Android Security Bulletin - July 2023 - https://source.android.com/docs/security/bulletin/2023-07-01?hl=pt-br
- Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
- Threat Alert: Anatomy of Silentbob’s Cloud Attack - https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
- The five-day job: A BlackByte ransomware intrusion case study - https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
- Increased Truebot Activity Infects U.S. an...
2023-07-07, 07 min

Crying Out Cloud
#5 - MOVEit Transfer 0day vulnerabilities (Special Guest: Scott Piper)
Join your favorite hosts, @Eden and @Amitai, on the latest "Crying Out Cloud" rollercoaster 🎢 Spoiler Alert: We've got @Scott Piper, the cloud security guru, joining the conversation too! His insights are amazing, so we've reserved a special upcoming episode just for him 😎 On today's journey, we are:
1️⃣ Peeling back the layers of MOVEit Transfer 0day vulnerabilities 🕵️
2️⃣ Breaking down CVSSv4 💥
3️⃣ Sharing insider takeaways from fwd:cloudsec 2023 (FOMO, anyone?). 🔮
4️⃣ Getting real about the Barracuda ESG 0day vulnerability (we're not fishing around! 🐠).
Important Links:
https://www.first.org/cvss/v4-0/
https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html
https://www.mandiant.com/resources/bl...
2023-06-26, 33 min

AWS Morning Brief
re:Inforce and fwd:cloudsec with Scott Piper
Last week in security news: Videos from fwd:cloudsec are now available on YouTube, AWS announces AWS Payment Cryptography, Amazon CodeGuru Security is now available in preview, and more!
Links:
There was lots of great content presented at fwd:cloudsec. The day-long videos are up on YouTube. You can use the schedule to help find the talks you're interested in.
In contrast to AWS's "Shared Responsibility Model", I appreciate GCP's "Shared Fate Model" where they put their own skin in the game in ensuring their customers are protected. In their New Cryptomining Protection Program, they offer $1M...
2023-06-22, 07 min

ISTS - i sh0t the sheriff
Edition 140 15.06.2023
Script: Luiz Eduardo, Nelson Murilo, Willian Caprino
Production: Halfmouth Podcasts
Some Music from: https://www.bensound.com
Events: Took place: THOTCON, YSTS, re:inforce and fwd:cloudsec BSidesSP CFPs: Sector.ca until June 22.
News:
https://www.bleepingcomputer.com/news/security/barracuda-says-hacked-esg-appliances-must-be-replaced-immediately/
https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
https://labs.watchtowr.com/xortigate-or-cve-2023-27997/
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-dns-over-https-for-linux-malware-communication/
Music
More News: https...
2023-06-19, 57 min

Screaming in the Cloud
Centralizing Cloud Security Breach Information with Chris Farris
Chris Farris, Cloud Security Nerd at PrimeHarbor Technologies, LLC, joins Corey on Screaming in the Cloud to discuss his new project, breaches.cloud, and why he feels having a centralized location for cloud security breach information is so important. Corey and Chris also discuss what it means to dive into entrepreneurship, including both the benefits of not having to work within a corporate structure and the challenges that come with running your own business. Chris also reveals what led him to start breaches.cloud, and what he’s learned about some of the biggest cloud security breaches so far. ...
2023-06-08, 35 min

Screaming in the Cloud
Exciting Times in Cloud Security with Chris Farris
Chris Farris, Cloud Security Nerd at Turbot, joins Corey on Screaming in the Cloud to discuss the latest events in cloud security, which leads to an interesting analysis from Chris on how legal departments obscure valuable information that could lead to fewer security failures in the name of protecting company liability, and what the future of accountability for security failures looks like. Chris and Corey also discuss the newest dangers in cloud security and billing practices, and Chris describes his upcoming cloud security conference, fwd:cloudsec.
About Chris
Chris Farris has been in...
2023-03-21, 32 min

Screaming in the Cloud
Solving for Cloud Security at Scale with Chris Farris
About Chris
Chris Farris has been in the IT field since 1994 primarily focused on Linux, networking, and security. For the last 8 years, he has focused on public-cloud and public-cloud security. He has built and evolved multiple cloud security programs for major media companies, focusing on enabling the broader security team’s objectives of secure design, incident response and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he’s architected and implemented multiple serverless and traditional cloud applications focused on deployment, security, operations, and fina...
2023-01-24, 35 min

Cloud Out Loud Podcast
Episode 21 - Encouraging Women in Tech and InfoSec specifically
Women in IT, Cloud Security, and InfoSec with Marsha Wilson
Episode 21: Show Notes
Welcome back to another episode of Cloud Out Loud! Today we are joined, once again, by Marsha Wilson to discuss the presence of women in IT, cloud security, and InfoSec. Marsha is the CEO of ScaleSec and has had a fascinating career that spans the military and the private sector. Tuning in you’ll hear Marsha’s thoughts on how the field has evolved since she first started out, along with the chan...
2022-10-17, 35 min

AWS Morning Brief
The Spiritual Alignment of Cloud Economics
Links:
Last week LastPass reported (yet another) security issue, wherein their source code was stolen.
Finally: an honest recap of fwd:cloudsec and re:Inforce 2022 from someone who had the stomach to sit through the entirety of the latter.
The Register reports on a growing trend of using AWS resources to hide phishing attacks.
Expanded eligibility for the free MFA security key program
How to centralize findings and automate deletion for unused IAM roles
Identifying publicly accessible resources with Amazon VPC Network Access Analyzer
The tool of the week: popeye is a Kubernetes cluster resource sanitizer.
2022-09-01, 04 min

Security Weekly Podcast Network (Audio)
ASW #207 - Chen Gour Arie
In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. In this episode, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what...
2022-08-10, 1h 18

Application Security Weekly (Audio)
ASW #207 - Chen Gour Arie
In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. In this episode, we plan to address and discuss the current state of AppSec, and point out a few common failure points.
Afterwards we plan to discuss what...
2022-08-10, 1h 18

Application Security Weekly (Video)
Auth Problems from Parsing, Slack's Password Hashes, Twitter's Info Breach - ASW #207
Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go's net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from fwd:cloudsec 2022.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw207
2022-08-09, 41 min

Detection at Scale
Cedar’s CISO Aaron Zollman: Lessons From Building a Modern Security Team
Aaron Zollman is the CISO at Cedar — a patient payment and engagement platform for hospitals, health systems, and medical groups that elevates the patient experience. Prior to Cedar, Aaron spent time in security at companies like Bridgewater, Palantir, and MUFG Bank, Japan’s largest bank. In today’s episode, Aaron and Jack discuss lessons and tips to help organizations build a modern security team that’s capable of detection and response at scale.
Topics discussed:
What Aaron learned as he transitioned from the public sector to the private sector.
How security tools have evolved over the tim...
2022-06-13, 32 min

PODCAFÉ TECH
Cybersecurity: Fraud Control and Prevention
Fraud control is a universe of its own within cybersecurity. In this episode of Podcafé da TI we chatted with Moisés Margotto (CyberSec, CloudSec and InfoSec Leader), who generously shared some of his vast experience working internationally. An unmissable episode waiting for your click! Don't get caught out, hit play now!
Participants:
Moisés Margotto: CyberSec, CloudSec and InfoSec Leader
Dyogo Junqueira: Co-Host of PodCafé Tech
Guilherme Gomes: Co-Host of PodCafé Tech
Anderson Fonseca: Co-Host of PodCafé Tec...
2022-05-24, 1h 14

Screaming in the Cloud
The Independent AWS Security Researcher with Scott Piper
About Scott
Cloud security historian.
Developed flaws.cloud, CloudMapper, and Parliament.
Founding team for fwd:cloudsec
Links:
Block: https://block.xyz/
Twitter: https://twitter.com/0xdabbad00
2022-04-19, 38 min

Relating to DevSecOps
Episode #041: Holistic Cloud Medicine in the Face of the Modularization of Cloud Components Affects Applications
A continuing trend in cloud and application security has been the modularization of application functions that offloads the developer responsibility for security and even some development! We cover how these cloud legos affect secure architectures, how the assessment paradigm shifts to configuration, how traditional silos such as #cloudsec, #netsec, and #appsec change. Mike brings a real world scenario and provoking thoughts around how we can possibly call something secure if we don't understand all the cards and players. In this episode Mike coins the phrase of holistic medicine in cloud.
As l...
2022-03-17, 31 min

Absolute AppSec
Episode 162 - Mike McCabe (@mccabe615) - Cloud Security
After a week's hiatus, the Absolute AppSec-ers return with guest Mike McCabe (@mccabe615) to talk about all things Cloud Security. Discussions on cloud security tools, various differences between AWS and Azure, infrastructure as code (IaC), and predictions on cloudsec merging with appsec in the future.
2022-02-22, 00 min

Мимокрокодил
Episode #12 - Denis Yakimov. On devsecops at a large bank and public visibility, with the author of the DevSecOps Wine channel.
This time our guest is Denis Yakimov, Head of DevSecOps at one of Russia's largest banks, widely known as the author of several popular Telegram channels such as DevSecOps Wine, CloudSec Wine and AppSec & DevSecOps Jobs. Denis explained what someone does in a position as unique for the CIS as Head of DevSecOps, what his responsibilities cover, and shares his experience in handling them. The second part of the podcast covers public visibility in infosec and its effect on a career. We think it turned out interesting!
Inside:
- How Denis arrived at his current position
- Denis's view on the role of devsecops practices in a company's defensive landscape
- Which are worth buying, and where open source is your best friend
- The history of the DevSecOps Wine channel
- Thoughts on the role of public visibility in an infosec specialist's career
2021-12-08, 53 min

The BetaKit Podcast Channel
How Wheelhouse plans to take on tech's fitness giants
"I like to think that Peloton is the equivalent to Facebook." Wheelhouse co-founder and CEO Kyle Gibson shares how his small company plans to take on giants with a hybrid fitness approach, and the switch from a lifestyle to a venture-backed business. Sponsored by SVB and CLOUDSEC 2021.
2021-10-31, 40 min

The BetaKit Podcast Channel
Why Elizabeth Yin is hustling to build the next generation of angel investors
"One of the problems that we see is that we're a little bit stuck in this rut with VC...
You also need to attack the problem in other ways." Elizabeth Yin, General Partner and Co-Founder at Hustle Fund, talks about the firm's new Angel Squad, designed to foster a diverse group of new investors. Sponsored by SVB and CLOUDSEC 2021.
2021-10-23, 40 min

Cloud Security Podcast
fwd:cloudsec conference this week, Vulnerabilities discovered in AWS - Cloud Security News
Cloud Security News this week - 15 September 2021
Oracle Chief Technology Officer and co-founder Larry Ellison told their investors this week that Oracle Cloud is superior to AWS when it comes to security and cost. He shared that they don't think an application should talk to five or six separate databases referencing AWS’ database offerings and calling it a very, very risky security architecture. If you are keen to learn more about how the cloud providers rank, Gartner released a report in July 2021 noting that over 90% of the worldwide cloud market was concentrated in just four cloud providers. Amazon Web S...
2021-09-15, 03 min

Cloud Security News
15 Sep, 2021 - Oracle superior to AWS? AWS Vulnerabilities Discovered and fwd:cloudsec conference held this week
Cloud Security News this week - 15 September 2021
Oracle Chief Technology Officer and co-founder Larry Ellison told their investors this week that Oracle Cloud is superior to AWS when it comes to security and cost. He shared that they don't think an application should talk to five or six separate databases referencing AWS’ database offerings and calling it a very, very risky security architecture. If you are keen to learn more about how the cloud providers rank, Gartner released a report in July 2021 noting that over 90% of the worldwide cloud market was concentrated in just four cloud providers.
Amazon Web S...
2021-09-15, 03 min

עושים תוכנה Osim Tochna
[עושים תוכנה] Why does the cloud have a bad reputation in the security world?
Development and deployment on the cloud are becoming more and more common, bringing many innovations that improve our ability to build larger and more complex applications faster. One of the interesting aspects that changes with the move to the cloud is security and how it is handled. We invited Moshe Ferber, a consultant and well-known figure in cloud security, to the studio, unpacked the most important cloud terms, talked about the shared responsibility model, and answered the question in the episode title as well as others.
Enjoy listening, Amit.
https://www.ads.ranlevi.com/2021/02/28/overwolf-osimtochna-cloudsec/
2021-02-28, 44 min

Screaming in the Cloud
Defining Your Consultancy Niche Part 2 with Scott Piper
Links Referenced:
Company website: http://summitroute.com
flaws.cloud: http://flaws.cloud
fwd:cloudsec: https://fwdcloudsec.org/
Twitter: https://twitter.com/0xdabbad00
2021-01-21, 42 min

Screaming in the Cloud
Best Practices for AWS Security - Part 1 with Scott Piper
About Scott Piper
Scott is an independent consultant helping companies secure their AWS environments through private trainings. He created the free training sites flaws.cloud and flaws2.cloud, along with the open-source projects CloudMapper, Parliament, and more.
Links Referenced:
Connect with Scott Piper on... LinkedIn
Twitter: @0xdabbad00
Company website: Summit Route
flaws.cloud
flaws2.cloud
fwd:cloudsec
2021-01-14, 42 min

Day[0]
iOS 0days are worthless, PrintDemon, and a takeover of hackerone
Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0].
[00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability https://github.com/cloudsec/aksp/blob/master/hksp.patch
[00:11:59] iOS one-click chains prices likely to drop https://www.hackasat.com/
[00:33:30] Defcon Quals 2020 https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/
[00:46:33] vBulletin 5.6.1 SQL Injection
[00:52:52] Subdomain takeover of resources.hackerone.com
[01:01:11] MyLittleAdmin PreAuth RCE
[01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension.
[01:16:47] Playing with GZIP: RCE in GLPI...
2020-05-20, 2h 32