Nathan Eades
Experienced engineer in threat detection and threat research, I have an abundance of knowledge gained from years of actively uncovering, constructing, scrutinizing, and validating security measures across leading cloud service providers.
In addition, I have successfully designed and managed well known Security Information and Event Management (SIEM) platforms, effectively implemented data loss prevention initiatives, executed comprehensive risk assessments, and consistently engage in coding endeavors through various personal projects.
I'm dedicated to advancing cloud security and have a commitment to staying at the forefront of industry trends. I am thrilled to share my insights and experiences with my peers.
Session
Permiso's p0 labs is privileged to have access to diverse data sets that enable the identification of interesting forms of attack, obfuscation, and anomalies. While cloud service providers like AWS allow for broad naming inputs to identities and resources, this approach can lead to some unforeseen consequences. In this talk, we will explore different scenarios we’ve discovered through our research that highlight how the loose nature of AWS’s naming conventions allows for inputs that can negatively affect detection capabilities and potentially obscure an attack.
Throughout the presentation, I will provide a breakdown of the potential consequences of these scenarios, including their impact on detection and the possible motivations behind them. Additionally, I will discuss a case in which an instance of broad input generated false positive detections in an environment years later. By analyzing these scenarios, we hope to provide insights into the importance of keeping your eyes open when reviewing logs, spark some ideas of your own, and maybe help you down the path to find similar instances in your own environments.