fwd:cloudsec
Episodes
Defenders hate it! Compromise vulnerable SaaS applications with this one weird trick (Eric Woodruff)
01 Jul 2025
Contributed by Lukas
https://youtu.be/rQxc9N4gBqASpeaker: Eric WoodruffThroughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles...
Putting Workload Identity to Work: Taking SPIFFE past day 0 (Dave Sudia)
01 Jul 2025
Contributed by Lukas
https://youtu.be/oHlPGzpFT_cSpeaker: Dave SudiaDave Sudia went from Platform Engineering to Product Engineering; in both roles he has had to stand up ...
Happy Little Clouds: Painting Pictures with Microsoft Cloud and Identity Data (Matt Graeber)
01 Jul 2025
Contributed by Lukas
https://youtu.be/nwYzVTL8Y4YSpeaker: Matt GraeberMatt is a threat researcher focused on detecting Microsoft cloud and identity threats. Coining the te...
Introducing GRC Engineering: A New Era of AWS Compliance (AJ Yawn)
01 Jul 2025
Contributed by Lukas
https://youtu.be/nEM7z266D6oSpeaker: AJ YawnAJ Yawn is an experienced cybersecurity leader specializing in cloud compliance, governance, risk, and com...
Staying Sneaky in the Office (365) (Christian Philipov)
01 Jul 2025
Contributed by Lukas
https://youtu.be/l5lpIF_QZCESpeaker: Christian PhilipovChris is a principal security consultant and leads the specialist services within Reversec. As ...
Not So Secret: The Hidden Risks of GitHub Actions Secrets (Amiran Alavidze)
01 Jul 2025
Contributed by Lukas
https://youtu.be/k3DBur7iEHMSpeaker: Amiran AlavidzeAmiran is a passionate product security professional with over 20 years of experience spanning sys...
Trust Issues: What Do All these JSON files actually mean? (David Kerber)
01 Jul 2025
Contributed by Lukas
Speaker: David KerberDave is an engineer and longtime AWS practitioner with a focus on IAM and AWS security tooling. He’s led product and engineerin...
Inviter Threat: Managing Security in a new Cloud Deployment Model (Meg Ashby)
01 Jul 2025
Contributed by Lukas
https://youtu.be/ilnOvSV0QtYSpeaker: Meg AshbyMeg does cloud security for Alloy, a fintech in NYC. Previous to Alloy she worked at Marcus by Goldman S...
I Didn’t Register for This: What’s Really in Google’s Artifact Registry? (Moshe Bernstein)
01 Jul 2025
Contributed by Lukas
https://youtu.be/hHe9cKfSfqISpeaker: Moshe BernsteinMoshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Clou...
No IP, No Problem: Exfiltrating Data Behind IAP (Ariel Kalman)
01 Jul 2025
Contributed by Lukas
https://youtu.be/g-XCNobgvaMSpeaker: Ariel KalmanAriel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related securi...
Rebuilding ROADRecon for the Modern Entra Environment (Thomas Byrne)
01 Jul 2025
Contributed by Lukas
https://youtu.be/dTUeAhzmIu8Speaker: Thomas ByrneThomas is a security consultant at Reversec. He has experience in a range of areas including applicat...
Inside Microsoft's Battle Against Cloud-Enabled Deepfake Threats (Alessandro Brucato)
01 Jul 2025
Contributed by Lukas
Speaker: Alessandro BrucatoAlessandro is a senior Threat Research Engineer at Sysdig, working on cloud security. His research mainly focuses on cloud ...
Patience brings prey: lessons learned from a year of threat hunting in the cloud (Greg Foss)
01 Jul 2025
Contributed by Lukas
Speaker: Greg FossGreg Foss is a seasoned cybersecurity leader with over 15 years of experience spanning threat research, security operations, and off...
ECS-cape – Hijacking IAM Privileges in Amazon ECS (Naor Haziz)
01 Jul 2025
Contributed by Lukas
https://youtu.be/WXdB-9pTqAUSpeaker: Naor HazizNaor Haziz is a security researcher and low-level developer at Sweet Security with over seven years of ...
The Good, The Bad, and The Vulnerable: Breaking Down GCP Tenant Projects (Ofir Balassiano)
01 Jul 2025
Contributed by Lukas
https://youtu.be/WUO_-AgpcxsSpeaker: Ofir BalassianoOfir Balassiano leads AI and Cloud security posture research at Palo Alto Networks, uncovering cri...
Data Perimeter Implementation Strategies: It is one thing to know how to configure SCPs/RCPs, and another for your organization to implement them (Agnel Amodia)
01 Jul 2025
Contributed by Lukas
https://youtu.be/Pd6rbBjiXaASpeaker: Agnel AmodiaI’m Agnel Amodia, a Senior Technical Lead at Vanguard Group, specializing in Identity and Access Ma...
IAM Roles Anywhere – now for everyone with Let's Encrypt (Dhruv AHUJA)
01 Jul 2025
Contributed by Lukas
https://youtu.be/M1hXUcBMf1QSpeaker: Dhruv AHUJADhruv is a former SRE and founded Chaser Systems in 2020. He's mostly Wiresharking, tinkering with...
Beyond the Big Three: Mastering Oracle Cloud Security in a Multi-Cloud World (Dani Kaganovitch)
01 Jul 2025
Contributed by Lukas
Speaker: Dani KaganovitchDani Kaganovitch is a Product Manager at RockSteady, a stealth cloud security startup. Before that, Dani worked at Google Clo...
Securing Remote MCP Servers (Jake Berkowsky)
01 Jul 2025
Contributed by Lukas
https://youtu.be/9-e4VVPlWB8Speaker: Jake BerkowskyJake is a Principal Architect heading Snowflake's Cybersecurity Data Cloud. At Snowflake, Jake&...
whoAMI: Discovering and exploiting a large-scale AMI name confusion attack (Seth Art)
01 Jul 2025
Contributed by Lukas
Speaker: Seth ArtSeth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penet...
Detecting the Undetectable: Threat Hunting in Appliance Environments (Shahar Dorfman & Sagi Tzadik)
01 Jul 2025
Contributed by Lukas
https://www.youtube.com/watch?v=1rfB0Pb0t2oSpeaker: Shahar DorfmanShahar is a threat hunting researcher at Wiz, where she focuses on identifying and a...
Welcome Talk by Aaron Zollman
01 Jul 2025
Contributed by Lukas
https://www.youtube.com/watch?v=p8PZiqXoVTcAn introduction to fwd:cloudsec North America 2025 by Aaron Zollman