Version 0.5 Sept. 10, 2025
We released a new schedule version! We've added “Hello? Whose service account keys are these?” by Lee Livsey.
We have a new session: “Hello? Whose service account keys are these?” by Lee Livsey.
Version 0.4 Sept. 10, 2025
We released a new schedule version!
We have new sessions!
We sadly had to cancel a session: “Lambda Loiterers: Persistence and Exfiltration in Serverless via Malicious Extensions” by Nandini Singhal
We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:
- “Sweet Deception: Mastering AWS Honey Tokens to Detect and Outsmart Attackers” by Nick Frichette (Sept. 16, 2025, 3:40 p.m. → Sept. 16, 2025, 2:30 p.m.)
- “Pods Without Borders: Lateral Movement in Azure Kubernetes Service” by Nishaanth Guna (Sept. 16, 2025, 11:40 a.m. → Sept. 16, 2025, 11:35 a.m.)
- “Lurking in the (documentation) shadows: Why We Built the AWS Security Changes Project” by Liad Eliyahu (Sept. 16, 2025, 1:50 p.m. → Sept. 16, 2025, 12:05 p.m.)
- “STRIFEBOT: Attacking and Defending Snowflake Data-lakes” by James Henderson (Sept. 16, 2025, 3:10 p.m. → Sept. 16, 2025, 2 p.m.)
- “Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP” by Eliav Livneh (Sept. 16, 2025, 2:20 p.m. → Sept. 16, 2025, 1:30 p.m.)
- “Security by Design: Lessons from Oracle Cloud Infrastructure” by Ariel Septon (Sept. 16, 2025, 4:10 p.m. → Sept. 16, 2025, 3:15 p.m.)
- “EU Compliancy Cloud Framework-ish Smackdown” by Rich Mogull (Sept. 16, 2025, 10:40 a.m. → Sept. 16, 2025, 10:20 a.m.)
- “Mistrusted Advisor: When AWS Tooling Leaves Public S3 Buckets Undetected” by Jason Kao (Sept. 16, 2025, 11:10 a.m. → Sept. 16, 2025, 11:05 a.m.)
- “The File That Contained the Keys Has Been Removed: An Analysis of Secret Leaks in Cloud Buckets and Responsible Disclosure Outcomes” by SOUFIAN EL YADMANI (Sept. 15, 2025, 5 p.m. → Sept. 16, 2025, 3:45 p.m.)
Version 0.3 Aug. 7, 2025
We released a new schedule version!
We have a new session: “The File That Contained the Keys Has Been Removed: An Analysis of Secret Leaks in Cloud Buckets and Responsible Disclosure Outcomes” by SOUFIAN EL YADMANI.
We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:
- “Dealing with Storage Data Logs in the Cloud: A Hidden Challenge” by Maayan Bentor, Zoe Rabi (Sept. 15, 2025, 3:20 p.m. → Sept. 15, 2025, 3 p.m.)
- “Azure Arc: From a Heartbeat to Heart Attack” by Sharan Patil (Sept. 15, 2025, 10:55 a.m. → Sept. 15, 2025, 10:50 a.m.)
- “From One to Hundreds: Reflections on a Decade of Building the Trenches” by Joel Thompson (Sept. 15, 2025, 2 p.m. → Sept. 15, 2025, 1:45 p.m.)
- “A Candid Perspective on the Cloud Threat Landscape: What’s Real, What’s Not, and What Should Change” by Curtis Hanson (Sept. 15, 2025, 11:25 a.m. → Sept. 15, 2025, 11:20 a.m.)
- “Ransomware protection with immutable AWS Backup - it's complicated ...” by Paul Schwarzenberger, Kurtis Mash (Sept. 15, 2025, 4:20 p.m. → Sept. 15, 2025, 4 p.m.)
- “The Cloud is a Spider Web: But with Broken Threads” by Nitesh Surana, Nelson William Gamazo Sanchez (Sept. 15, 2025, 4:50 p.m. → Sept. 15, 2025, 4:30 p.m.)
- “Connecting the Cloud-Dots: Constructing a Knowledge Layer from Autonomous Attack Simulation” by Itay Gabbay (Sept. 15, 2025, 11:55 a.m. → Sept. 15, 2025, 11:50 a.m.)
- “SyncJacked - Hijacking Identities Through Entra Connect Synchronization” by Tomer Nahum (Sept. 15, 2025, 2:30 p.m. → Sept. 15, 2025, 2:15 p.m.)
- “Continuous Integration / Continuous Deception: Trying my luck as a malicious maintainer” by Benedikt Haußner (Sept. 15, 2025, 1:30 p.m. → Sept. 15, 2025, 1:15 p.m.)
- “Permission Impossible: Hidden Dangers of Azure RBAC and API Vulnerabilities” by Ariel Simon (Sept. 15, 2025, 3:50 p.m. → Sept. 15, 2025, 3:30 p.m.)
Version 0.2 Aug. 6, 2025
First public schedule
We have a new session: “Mistrusted Advisor: When AWS Tooling Leaves Public S3 Buckets Undetected” by Jason Kao.
Version 0.1 Aug. 5, 2025
We released our first schedule!