Interesting. I didn't know there was one more than region in that partition.
- Practitioners! This is a conference for practitioners. Cross-tenant 0days are fun, but war stories of migrating accounts between Orgs due to M&A, migrating applications from one cloud to another, and other things practitioners do are the meat and potatoes of this conference.
* How are you securing agents in the cloud?
- Some of you have multiple AWS Organizations. How are you managing an organization of Organizations?
- AI: Last year we received surprisingly few talks related to AI. 🤯 I know you all are using AI for all sorts of cloud security things. Let's hear about it! Examples:
* How easy was it to migrate CloudFormation to terraform, or to a different cloud, with an LLM to translate?
- Cloud concepts brought back to datacenters: For years people have turned their old existing datacenters into "clouds", but now you have people who have only ever used the cloud moving to datacenters. What did they bring with them?
- Neoclouds: CoreWeave, Vercel, and other code execution as-a-service. How are you securing (or abusing) those?
- Multi-partitions: How are you leveraging both AWS standard and European Sovereign Cloud? Any unexpected gotchas in ESC or other partitions?
It pains me when I hear people say "I thought about submitting a talk to the fwd:cloudsec, but didn't because..." and the reasons are often things I actually want to see presentations on! Some talk ideas I personally want to watch (the other reviewers and I will fight ⚔️):
Tickets for fwd:cloudsec North America go on sale today, in about 4 hours, at 10am PST.
fwdcloudsec.org/conference/n...
Tickets go on sale next week on Monday, Feb 9, at 10:00 a.m. PST for our North American conference happening near Seattle on June 1 and 2. An additional small batch will go on sale that evening at 11:00 p.m. PST.
Tickets will be available for purchase here: www.eventbrite.com/e/fwdcloudse...
@fwdcloudsec.org is an awesome conference. Looking forward to seeing lots of cool submissions into the CFP!
Did you know Claude models have a "magic string" to test when a model refuses to respond? If that string enters prompt context, it can be abused to break LLM workflows until context is reset.
It's the EICAR test string of the AI age. Details:
hackingthe.cloud/ai-llm/explo...
We've locked in dates and venues for the North American (NA) and European (EU) fwd:cloudsec conferences this year!
fwd:cloudsec NA will be in the Seattle, Washington area at the Meydenbauer Center in Bellevue on June 1 and 2. 🧵
What are we calling normal AWS now? Normal, standard, classic, commercial, global, american?
How do you say out loud the acronym for AWS European Sovereign Cloud? I'm calling it "oosk", because the region is eusc-de-east-1, which sounds like a riff on the techno onomatopoeia "boots and cats".
The most surprising thing about AWS ESC is there aren't any cookie acceptance popup windows in the console. Is this really European?
Very cool research on a CodeBuild misconfiguration which could have had significant consequences. I’m a bit disappointed that there wasn’t more done to secure the supply chain after the Q Developer incident.
www.wiz.io/blog/wiz-res...
The AWS European Sovereign Cloud (ESC) has launched!
aws-news.com/article/2026...
December is generally a good time for gifts, and I have a special one for you.
We are glad to announce fwd:cloudsec Europe 2026: September 7th and 8th - London, UK 🇬🇧
More info to come early 2026. Stay tuned, folks.
This is the best write-up on threat actor tradecraft I've seen from AWS. aws.amazon.com/blogs/securi...
This is excellent. Also available in video.
allan.reyes.sh/posts/keepin...
h/t tldrsec
It’s time to bust some malware! 🦠
Challenge #6 “Malware Busters” is LIVE.
Built by Gili Tikochinski for the reverse‑engineering pros - dive into assembly and uncover what’s hidden inside.
Think you can crack it?
cloudsecuritychampionship.com/challenge/6
🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast.
Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation.
Details: www.wiz.io/blog/shai-hu...
The day has come where we get to announce what we've been working on for the past year 😍
www.duckbillhq.com/blog/skyway-...
My favorite security story I've read this year 😂, a story of surprising turns by Alex Smolen: engseclabs.com/blog/raccoon...
Yuval Avrahami was ranked as the top Azure researcher by Microsoft this quarter! He has made a Kubernetes focused CTF for the Wiz Cloud Security Championship, check it out! cloudsecuritychampionship.com
Also if you can find cloud zero days, check out www.zeroday.cloud with a $4.5M prize pool!
I feel like the biggest takeaway from the latest AWS outage is that there’s simply no architecting around them at this point. Even if you are 100% redundant/multi-whatever, your vendors and customers are certainly not. Order volume is dropping no matter what you do. We’re all in this together.
I used to drink a gallon of milk a day, so this is just being more efficient.
Jeep pushed a bad update on Friday that has been bricking 2024 Wrangle 4xe's. x.com/StephenGutow...
