Olivia
Online
Seth Art
@sethsec
Cloud Security Research and Advocacy @Datadoghq. Previous: Cloud Penetration Testing lead @BishopFox. Also on Mastodon
Ithaca, NY
Joined June 2010
370 Following
1.4K Followers
1.1K Posts
📣 Issue 84 is out. Highlights:
- Amazon Inspector enhances the security engine for container images scanning.
- AWS CloudTrail network activity events for VPC endpoints now generally available.
- whoAMI: A cloud image name confusion attack by Seth Art.
- Uncovering a Hidden CloudTrail Bug by Tracing AWS AssumeRole Chains in a Graph Database by Or Aspir.
- Tool: Cloud Trail Discover cheat sheet.
https://t.co/rIXmb7qrXm
whoAMI attacks give hackers code execution on Amazon EC2 instances - @billtoulas
https://t.co/TKPhz89Tx6
https://t.co/TKPhz89Tx6
whoAMI research by DataDog. I immediately thought about all the user-data scripts that me be attached to those launched EC2 instance images 🥶
Kudos to @sethsec for the discovery, research, and tool!
#aws #cloudsecurity
https://t.co/r5w4Jcmjmy
Who to follow
xer0dayz
@xer0dayz
Founder of @Sn1perSecurity. Creator of Sn1per and @SILENTCHAINAI. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP - https://t.co/iqw8gBpkKb
Nicolas Grégoire
@Agarri_FR
Web hacker and Burp Suite Pro trainer
Refer to https://t.co/D5tRH7U2hg for trainings
Follow @MasteringBurp for free tips and tricks
Moloch
@LittleJoeTables
Offsec Engineer
Formerly of @BishopFox
https://t.co/YcsVLOezuj
https://t.co/z3UKx3Wcrf
The prior name confusion issue: https://t.co/Ci1MDZ1yBC
@ramimacisabird Thanks so much @ramimacisabird! Your SSM Command Document research is a must read for sure.
Excellent research here from @sethsec and crew - including responsible disclosure, AWS hardening enhancement, detection guidance, etc.
🤔 I did report a name confusion in SSM Documents impacting Datadog right before this was found... 😜
The post also includes many ways you can check to see if you are vulnerable!
My Datadog Security Labs research is finally live! The whoAMI research highlights how a malicious actor could gain remote code execution in thousands of AWS accounts that are vulnerable to this attack.
https://t.co/dTtEftS36S
@_xDeJesus Thanks for sharing @_xDeJesus. Spot on about the user-data. And just think about all of the attached IAM roles and permissions as well!
What. The.
Fun with Google Cloud's default service accounts (and how to leverage them for offensive purposes)
https://t.co/tCeGtjqsGn
🔗In this article we talk about how I exploited a Fortune 500 Through Hidden Supply Chain Links
Link 👇
https://t.co/K5vo4M1Rap
Thanks to the entire @HashiCorp team ! 🤟
Enjoy 🔥
☁️ State of Cloud Security
2024 update of @Datadog’s report analyzing security posture data from a sample of thousands of orgs across AWS, Azure, and Google Cloud
• Long-lived credentials continue to be a major risk.
• Adoption of public access blocks in cloud storage services is rapidly increasing,
• <1/2 of EC2 instances enforce IMDSv2, but adoption is growing
• Securing managed Kubernetes clusters requires non-default, cloud-specific tuning
• Insecure IAM roles for third-party integrations leave AWS accounts at risk of exposure
• Most cloud incidents are caused by compromised cloud credentials
https://t.co/3nJyFrMhwA
Mine & @sabi_elezi's #MaLDAPtive presentation from @defcon is now posted on YouTube! LDAP obfuscation, deobfuscation & detection - all built on our 100% custom LDAP parser.
Recording: https://t.co/pDAqDUrAOF
Tool: https://t.co/ZoDhXt4AxT
@permisosecurity #LDAP #ClippyGotJokes
Excited to share some research I've been working on for the past few months, based on real-world data from thousands of environments using AWS, Azure and Google Cloud!
https://t.co/2CFZmm4Cwz
Registration for the 2024 CNY Hackathon is now open!
https://t.co/N9yylU0DwL
How it feels to be on the other side… #Bluesky
I had such a great time speaking about Cloud Security at @BsidesORL! I saw some great talks, made some new friends, and got to hang with old ones. A huge thank you to all of the volunteers that made this epic event possible!
Last Seen Users on Sotwe
ผ้าถุงzzzz
Seen from Thailand
Perfect porn 💦
Shabnam Shabnam
Seen from United Kingdom
Sadia khan
Seen from Saudi Arabia
ahmet. ayşe manavgat çift
Seen from Turkey
Elias Twinkie
Seen from Ukraine
カムリ@TRPG用
Seen from Japan
💃 Sexy 🎶 TikTok ❤️🔥 Babes 💋
Seen from Poland
كرار علي
Seen from Netherlands
African Teens Homemade
Seen from Switzerland
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers