sadcloud: Templating cloud misconfigurations

less than 1 minute read

For posterity and discoverability, I’m syndicating all of my public work for NCC Group to this personal blog.

I built a Terraform-based tool for standing up intentionally insecure cloud environments.

Links

The announcement post can be found on the NCC Group blog.

sadcloud can be found on the NCC Group github.

less than 1 minute read

Every couple years I find myself needing to brush up on the risks and threat model of AWS Lambda.

6 minute read

In AWS Phishing: Four ways, I mentioned the potential for AWS SSO Device Authentication Phishing.

6 minute read

I’m a bit obsessed with the real world threats against cloud-native environments.

less than 1 minute read

A retrospective on 2022 in public cloud breaches, featuring thoughts from a conversation with Houston Hopkins and me.