fwd:cloudsec Europe 2025

Lurking in the (documentation) shadows: Why We Built the AWS Security Changes Project
2025-09-16, Main Room

Public cloud providers routinely update service configurations, sometimes subtly altering security postures without informing organizations of the potential security implications. In this talk, we’ll walk through the real-world discovery of a major architectural flaw in AWS’s ALB authentication system, later dubbed “ALBeast,” which exposed thousands of organizations due to undocumented behavior rather than insecure code. This event served as a wake-up call, prompting us to launch awssecuritychanges.com, an open-source initiative dedicated to tracking and analyzing silent, security-impacting changes in AWS documentation and service behavior. We’ll show how we built this resource, the surprising patterns it has uncovered since, and how security practitioners can use it to proactively detect and respond to risks that often hide in plain sight. You’ll walk away with a sharper lens on the hidden risks in the cloud shared responsibility model and practical guidance on how to protect your organization using predictive threat intelligence.

Liad Eliyahu is the Head of Research at Miggo Security. With over eight years of experience in vulnerability research across diverse platforms and technologies, he has a proven track record of identifying and mitigating security risks. Liad’s passion for both offensive and defensive perspectives fuels his ability to uncover vulnerabilities and craft innovative solutions that significantly enhance application security.