It's funny because blameless culture applies to AI too. AI can make mistakes, but it's going to be your organization's lack of planning/monitoring/operational capabilities that causes "the incident".
Whoa, this seems like a hell of a re:invent announcement that leaked too early:
www.youtube.com/watch?v=Q2Zp...
New AWS User Group Sevilla meetup!
This month we're talking about cloud security with AWS and how Prowler helps audit and harden your AWS accounts.
29 Oct, 19:00h · Espacio RES
www.meetup.com/aws-user-gro...
#AWS #CloudSecurity #Prowler #Sevilla
Thanks to folks including @frichetten.com for feedback about our Bedrock API key launch. We're listening. Yesterday, we updated Bedrock and IAM docs (see docs.aws.amazon.com/bedrock/late...) to clarify that these are service-specific credentials and how to prevent their use in your environment. 1/2
followed by this image from our workshop github.com/unicrons/sec...
I always sent people this challenge from the Cloud Village CTF, so they understand how easily you can misconfigure OIDC unicrons.cloud/en/2024/08/1...
And we couldn't let August end without publishing our writeups for the @cloudvillage-dc.bsky.social CTF at @defcon.bsky.social
unicrons.cloud/en/2025/08/3...
Wiz already released the new challenge for this month, so it is time to show how we solved the previous one!
We always wanted to dig more into container escaping, so it was a perfect opportunity to learn.
unicrons.cloud/en/2025/08/1...
Major shout out to @andoniaf.unicrons.cloud for adding three new privilege escalation techniques to the Hacking the Cloud catalog! Contributions like this make everything possible.
hackingthe.cloud/aws/exploita...
Do you want to build "the perfect pipeline"?
@Paco_S and I will present the "Level Up Your CI/CD: Building a secure pipeline with OSS" workshop at @cloudvillage-dc.bsky.social @defcon.bsky.social
We're at @fwdcloudsec.org and we have stickers. I do not know what else to say so just find us (or the stickers we left around)
Is your boss telling you to reduce the bill? Then this meetup is perfect for you!
FinOps for Engineers: How to create real impact in your organization
with Ernesto Suarez, CEO at @GlassityStartup
Thu, June 12
18:30h
@FlywireEng office
RSVP: www.meetup.com/aws-valencia...
An AWS Documentation Change Tracker, cool
awssecuritychanges.com
Would you prefer a video? I also have a video. www.youtube.com/watch?v=r7HV...
Never heard about this? No problem.
Take a look at hackingthe.cloud/aws/exploita... to quickly understand how attackers do it.
And this github.com/ramimac/aws-... to understand how common (and old) these kinds of attacks are.
Friendly reminder: IMDSv2 was released in November 2019.
www.bleepingcomputer.com/news/securit...
The talk is already available in YT: www.youtube.com/watch?v=p2Cb...
"100% serverless Certificate Authority on AWS, only $50/year"
Never thought I would hear all these words together
But it's true, go check this amazing project serverlessca.com by @paulschwarzen
Wow, it looks like @colibid also broadcasts football matches "illegally"...
"Vibe coders" are in trouble...
www.pillar.security/blog/new-vul...
In the blacksmith's house, the knife is made of wood.
medium.com/@adan.alvare...
Open Cloud Security agenda is out!
opencloudsecurity.vfairs.com/en/#agenda
AWS Root Keys in Front-End Code?! Wtf
trufflesecurity.com/blog/researc...
Psychological safety is NOT about lack of disagreement.
Psychological safety REQUIRES:
* disagreement and debate
* setting standards for behavior and performance, and enforcing them
* telling people things they don't want to hear
* courage, from the bottom up
* humility, from the top down
Key takeaways for me:
- "False Positives Rate" as the most important metric for measuring detection eng. success
- "Most detections (42%) were custom-built to fit their organization's unique envs. Vendor-provided come in second at 37%, but few rely on them exclusively."