Cloud Village CTF @ DEFCON 33

Over the weekend I spent time working on the Cloud Village CTF put on this year at DEFCON 33. While you needed to be physically present to be eligible for prizes if you placed in the top 3, the challenges (all but one) were available to complete…

Perimeter Leak - Wiz Cloud CTF June

This is my writeup for June's challenge of Wiz's Cloud Security Championship. They plan to release a CTF challenge for each month of the year, each created by one of their own researchers. We're provided with a shell on an EC2 instance to begin.…

The Building Blocks of Cloud Identity Detections Pt. 2

In Part 1 I wrote about enterprise IdPs (Azure AD, Okta, etc.) and how suspicious sign-in behavior can present itself. Now we turn to the cloud accounts themselves, which have their own native identities and access mechanisms in AWS, Azure, and GCP. Each cloud has its own primitives (AWS IAM…

The Building Blocks of Cloud Identity Detections Pt. 1

Cloud-first enterprises increasingly rely on Identity Providers (IdPs) like Azure AD and Okta as their new perimeter, but many SOCs are only just catching up. Without strong identity-focused monitoring, attackers can quietly slip in with stolen credentials or session cookies and move laterally between cloud apps. Cloud-based identities are an…

WannaHusky Malware Analysis Report - PMAT Final

This post is my analysis of a sample provided at the end of the Practical Malware Analysis and Triage course from HuskyHacks / Matt Kiely. The binary is benign and was used to further familiarize myself with the tools and techniques learned throughout the course. I really enjoyed the course…

SANS Holiday Hack 2024

This year I worked to complete challenges in the SANS Holiday Hack event for the first time. I managed to keep up through most of the prologue and the first two acts, but shifting priorities and the need to study for my upcoming Practical Malware Research Professional exam led me to choose not…

Huntress CTF 2024 Write-up

This is my first time participating in an actual capture-the-flag event, and I am definitely happy to have gotten as far as I did. I worked alongside a team of colleagues from work, so I did not solve every challenge myself (not for lack of trying). Throughout my work…

Understanding Adversary-in-the-Middle (AiTM) Phishing as a SOC Analyst

It’s 2024 — anybody who has ever worked in a corporate role understands, at a basic level, what phishing is. It starts with receiving an inconspicuous email, clicking the link, entering your credentials, and immediately the security team is calling you to assign multiple hours of phishing…