Day is a Security Engineer at Datadog, where he researches and develops detections that protect Datadog's customers from cloud threats. In his free time, Day creates cybersecurity content on his YouTube channel (Day Cyberwox), where he provides technical and career resources. His passion for the cybersecurity industry makes him enjoy what he does to the fullest and drives him to keep growing, to become better at what he does, and to help others break into the field.
If you have ever read the Sherlock Holmes story "A Study in Scarlet", you may recall the quote: "If you have all the details of a thousand misdeeds at your finger ends, it is odd if you can't unravel the thousand and first." The lesson for defenders is that studying known threat activity should guide the development of threat detection content.
In this talk, we'll delve into several real-world Google Cloud Platform (GCP) attacks and highlight how to use the available telemetry to identify and detect them. In particular, we'll dive into tactics used by threat actors, such as lateral movement, privilege escalation and data exfiltration, and the types of event logging that aid the detection process. By the end of the talk, attendees will better understand how to build targeted detections and enhance their overall security posture.