Adan Álvarez #standwithukraine

@flekyy90.bsky.social

adan.cloud Cyber Security Engineer interested in Pentesting | Cloud Security | Adversary Emulation | Threat Hunting | Purple Teaming | Bug Bounties | SecDevOps

51 Followers 99 Following 8 Posts Joined Nov 2024
10 months ago
Gaining Long-Term AWS Access with CodeBuild and GitHub
Discover how attackers can abuse AWS CodeBuild and GitHub Actions to gain stealthy persistence in compromised AWS environments.

Persistence is one of the first goals for an attacker in AWS, and CodeBuild can help them get it.

In my latest blog, I walk through how an attacker could abuse AWS CodeBuild + GitHub Actions to maintain long-term access in a compromised AWS account:

medium.com/@adan.alvare...

1 year ago
DIY — Evaluating AWS Native Approaches for Detecting Suspicious API Calls
While in my previous articles from the DIY series, I explored how to build solutions with LLMs (Using Semgrep with LLMs and Building a…

When securing AWS, you can build different solutions with native services, but which one works best for alerting on suspicious API calls? In my latest article, I break down three AWS-native alerting methods, comparing their time to alert, cost, and ease of use: medium.com/@adan.alvare...

1 year ago
Safe.eth on X: "Investigation Updates and Community Call to Action" / X
Investigation Updates and Community Call to Action

New details on the ByBit/Safe{Wallet} breach, and uhhh wow, some really silly blunders on the DPRK side. They still succeeded which is the most upsetting part of all of this. Let's bully some threat actor tradecraft! A🧵
x.com/safe/status/...

1 year ago
Breached? Not Game Over: Learn How to Turn the Tables on AWS Attackers!
A breach in AWS isn’t game over, initial access is just the first move. Learn how to rig the game and win.

Breached? Not Game Over!

When an attacker gets access to your account, it is just the beginning of the game, not the end.

In my latest article, I explain how we can rig the game to stop attackers before real damage happens.

🔗Read here: medium.com/@adan.alvare... #CyberSecurity #AWS #CloudSecurity

1 year ago
DIY — Building a Cost-Effective Questionnaire Automation with Bedrock
Security questionnaires are very common today. When customers consider your product, especially if you’re a startup, they often ask for…

I built a PoC using Amazon Bedrock to automate security questionnaires. A centralized, secure knowledge base + zero cost when idle makes it perfect for occasional use. medium.com/@adan.alvare...

1 year ago

Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bombs in train firmware?
IBAN for donations is available here:
www.ccc.de/en/updates/2...

Talks for context
media.ccc.de/v/37c3-12142...
streaming.media.ccc.de/38c3/relive/...

1 year ago
GetFederationToken: A Simple AWS Persistence Technique Used in the Wild
My last two articles (how attackers can abuse IAM Roles Anywhere for persistent AWS access and gaining AWS persistence by updating a SAML…

Learn how attackers abuse STS GetFederationToken for AWS persistence and how a proper incident response can make it useless. medium.com/@adan.alvare...

1 year ago

My latest contributions to Stratus Red Team are live in v2.20.0! 🎉

1 year ago
Advent of Cloud Security
Presented by Cloud Security Podcast, Advent of Cloud Security is a 24-day event where we drop a new video every single day.

🎄 Want to boost your AWS security this holiday season? Today in #AdventOfCloudSecurity, I’ll show you how to use HoneyTrail to set traps for attackers. If they snoop around, you’ll know! 🎁 Check out daily videos on AWS, Azure, GCP & more: advent.cloudsecuritypodcast.tv #CloudSecurity

1 year ago

Want to keep up to date with Datadog’s Cloud Security Research? We’ve got a starter pack for that. All of our researchers in one feed.
go.bsky.app/8XpcFm5

1 year ago

AWS's IAM Roles Anywhere allows external systems to obtain temporary AWS credentials via a trusted Certificate Authority (CA). While enhancing secure access, it can be exploited if attackers establish trust with a CA they control. Learn about it in my latest article: link.medium.com/C4CBuJyfzOb
