Christophe Tafani-Dereeper
@christophetd.fr
Cloud and container security • Security research and open source at Datadog
🇨🇭🇫🇷
https://christophetd.fr
🇨🇭🇫🇷
https://christophetd.fr
Pinned
Christophe Tafani-Dereeper
Personal tech and security blog about things I like, use, dislike and misuse.
blog.christophetd.fr
Welcome to everyone joining Bluesky!
👋 I'm working as a cloud security researcher at Datadog and I write about cloud security, container security and related open-source projects.
Personal blog: blog.christophetd.fr
OSS work: github.com/christophetd/
Talks: christophetd.fr#:~:text=Wind...
👋 I'm working as a cloud security researcher at Datadog and I write about cloud security, container security and related open-source projects.
Personal blog: blog.christophetd.fr
OSS work: github.com/christophetd/
Talks: christophetd.fr#:~:text=Wind...
If you're in cloud security, do have a look at this piece of research I've been working on! Feedback / thoughts welcome
Our State of Cloud Security 2025 study is out!
www.datadoghq.com/state-of-clo...
• On AWS, 40% of organizations leverage data perimeters
• 11% of Google Cloud GKE and 23% of Google Cloud VMs are overprivileged
• On Azure, 1.3% of storage containers are public, 58% proactively block public access
www.datadoghq.com/state-of-clo...
• On AWS, 40% of organizations leverage data perimeters
• 11% of Google Cloud GKE and 23% of Google Cloud VMs are overprivileged
• On Azure, 1.3% of storage containers are public, 58% proactively block public access
State of Cloud Security | Datadog
For our 2025 report, we analyzed AWS, Google Cloud, and Azure data from thousands of organizations to understand the latest trends in cloud security posture.
www.datadoghq.com
October 8, 2025 at 9:40 PM
If you're in cloud security, do have a look at this piece of research I've been working on! Feedback / thoughts welcome
Reposted by Christophe Tafani-Dereeper
The EU is advancing legislation requiring all messaging platforms to scan private messages, even in encrypted apps like Signal/WhatsApp/Telegram.
600+ security researchers oppose ChatControl for being technically flawed.
Learn more about it 👉 metalhearf.fr/posts/chatco...
#ChatControl #privacy
600+ security researchers oppose ChatControl for being technically flawed.
Learn more about it 👉 metalhearf.fr/posts/chatco...
#ChatControl #privacy
ChatControl wants to scan all your private messages
The EU is pushing legislation that would scan all our private messages, even in encrypted apps.
metalhearf.fr
September 25, 2025 at 4:11 PM
The EU is advancing legislation requiring all messaging platforms to scan private messages, even in encrypted apps like Signal/WhatsApp/Telegram.
600+ security researchers oppose ChatControl for being technically flawed.
Learn more about it 👉 metalhearf.fr/posts/chatco...
#ChatControl #privacy
600+ security researchers oppose ChatControl for being technically flawed.
Learn more about it 👉 metalhearf.fr/posts/chatco...
#ChatControl #privacy
If you're into cloud security, fwd:cloudsec Europe is now live.
Schedule: fwdcloudsec.org/conference/e...
Schedule: fwdcloudsec.org/conference/e...
September 15, 2025 at 7:12 AM
If you're into cloud security, fwd:cloudsec Europe is now live.
Schedule: fwdcloudsec.org/conference/e...
Schedule: fwdcloudsec.org/conference/e...
Reposted by Christophe Tafani-Dereeper
I did a bit more looking into the upcoming bitnami deprecation. The images are still getting millions of pulls a week, so depending on exactly what tags vanish next week, there could be a lot of broken deploys on the 28th!
raesene.github.io/blog/2025/08...
raesene.github.io/blog/2025/08...
Bitnami Deprecation
raesene.github.io
August 21, 2025 at 1:11 PM
I did a bit more looking into the upcoming bitnami deprecation. The images are still getting millions of pulls a week, so depending on exactly what tags vanish next week, there could be a lot of broken deploys on the 28th!
raesene.github.io/blog/2025/08...
raesene.github.io/blog/2025/08...
@micahflee.com thank you for the amazing and inspiring defcon talk
August 10, 2025 at 1:11 AM
@micahflee.com thank you for the amazing and inspiring defcon talk
I arbitrarily picked a list of 50 talks I'm most excited about that are happening next week at DEF CON / Black Hat / BSides LV / The Diana Initiative.
I'll also add recordings/slides to this list when they become available!
I'll also add recordings/slides to this list when they become available!
Datadog guide to Hacker Summer Camp 2025, amd the top 50 talks we're excited about
securitylabs.datadoghq.com/articles/hac...
securitylabs.datadoghq.com/articles/hac...
Datadog guide to Hacker Summer Camp 2025 | Datadog Security Labs
Get ready to take on Hacker Summer Camp with our guide on planning, prepping, and schedules for Datadog events.
securitylabs.datadoghq.com
July 29, 2025 at 8:17 PM
I arbitrarily picked a list of 50 talks I'm most excited about that are happening next week at DEF CON / Black Hat / BSides LV / The Diana Initiative.
I'll also add recordings/slides to this list when they become available!
I'll also add recordings/slides to this list when they become available!
Getting ready for DEF CON next week!
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
July 28, 2025 at 10:24 AM
Getting ready for DEF CON next week!
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
Looks like the maintainer of a number of highly-popular npm packages was phished through npnjs[.]com, and his access used to publish malicious versions of their packages
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
July 18, 2025 at 10:34 PM
Looks like the maintainer of a number of highly-popular npm packages was phished through npnjs[.]com, and his access used to publish malicious versions of their packages
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
Stratus Red Team AWS attack techniques are now mapped to the Threat Technique Catalog for AWS
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
June 23, 2025 at 12:04 PM
Stratus Red Team AWS attack techniques are now mapped to the Threat Technique Catalog for AWS
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
The MCP spec has been updated to include security best practices
• Confused deputy
• Token passthrough
• Session hijacking
modelcontextprotocol.io/specificatio...
• Confused deputy
• Token passthrough
• Session hijacking
modelcontextprotocol.io/specificatio...
Security Best Practices - Model Context Protocol
modelcontextprotocol.io
June 23, 2025 at 9:07 AM
The MCP spec has been updated to include security best practices
• Confused deputy
• Token passthrough
• Session hijacking
modelcontextprotocol.io/specificatio...
• Confused deputy
• Token passthrough
• Session hijacking
modelcontextprotocol.io/specificatio...
Solid way to start the week
June 10, 2025 at 9:38 AM
Solid way to start the week
If you're a cloud practitioner based in Europe, definitely submit to fwd:cloudsec Berlin happening in September!
We're actively seeking submissions from first time speakers and non-security folks. In that case, you can submit by May 30th and get initial feedback on your submission!
We're actively seeking submissions from first time speakers and non-security folks. In that case, you can submit by May 30th and get initial feedback on your submission!
The CFP for fwd:cloudsec Europe is now open! We're looking for practitioner-focused cloud security content, and we encourage all practitioners to submit, whatever your role or level of experience.
The CFP is open until July 11th. Read more: fwdcloudsec.org/conference/e...
The CFP is open until July 11th. Read more: fwdcloudsec.org/conference/e...
CFP | EU 2025 | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
May 8, 2025 at 10:39 AM
If you're a cloud practitioner based in Europe, definitely submit to fwd:cloudsec Berlin happening in September!
We're actively seeking submissions from first time speakers and non-security folks. In that case, you can submit by May 30th and get initial feedback on your submission!
We're actively seeking submissions from first time speakers and non-security folks. In that case, you can submit by May 30th and get initial feedback on your submission!
Reposted by Christophe Tafani-Dereeper
Ticket sales for fwd:cloudsec Europe 2025 goes live on April 22nd, first batch at 9 AM CET and a second batch at 7PM CET. Tickets are sold through Swoogo, link at fwdcloudsec.org/conference/e... ..
fwd:cloudsec Europe 2025 | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
April 20, 2025 at 6:48 AM
Ticket sales for fwd:cloudsec Europe 2025 goes live on April 22nd, first batch at 9 AM CET and a second batch at 7PM CET. Tickets are sold through Swoogo, link at fwdcloudsec.org/conference/e... ..
Reposted by Christophe Tafani-Dereeper
My story breaking this news exclusively was 7K+ words and had almost all of this in it, and more:
www.npr.org/2025/04/15/n...
www.npr.org/2025/04/15/n...
April 18, 2025 at 1:58 AM
My story breaking this news exclusively was 7K+ words and had almost all of this in it, and more:
www.npr.org/2025/04/15/n...
www.npr.org/2025/04/15/n...
Reposted by Christophe Tafani-Dereeper
The March edition of the Datadog Security Digest is out!
securitylabs.datadoghq.com/newsletters/...
• New MITRE ATT&CK coverage matrix in Stratus Red Team
• Compromised GitHub actions
• Malicious Maven packages
• Exploitation of SSRF vulnerabilities on the rise
• ... and more
securitylabs.datadoghq.com/newsletters/...
• New MITRE ATT&CK coverage matrix in Stratus Red Team
• Compromised GitHub actions
• Malicious Maven packages
• Exploitation of SSRF vulnerabilities on the rise
• ... and more
Malicious Maven packages, SSRFs strike again, and stealing cloud credentials from web applications | Datadog Security Labs
This month’s digest has a little bit of everything—cloud threats, supply chain attacks, and a reminder that yes, attackers are still exploiting SSRFs.
securitylabs.datadoghq.com
March 27, 2025 at 10:21 PM
The March edition of the Datadog Security Digest is out!
securitylabs.datadoghq.com/newsletters/...
• New MITRE ATT&CK coverage matrix in Stratus Red Team
• Compromised GitHub actions
• Malicious Maven packages
• Exploitation of SSRF vulnerabilities on the rise
• ... and more
securitylabs.datadoghq.com/newsletters/...
• New MITRE ATT&CK coverage matrix in Stratus Red Team
• Compromised GitHub actions
• Malicious Maven packages
• Exploitation of SSRF vulnerabilities on the rise
• ... and more
Looking forward to it! ☁️🇪🇺🇩🇪
We’re thrilled to announce that the second edition of fwd:cloudsec Europe will take place on September 15-16 in Berlin!
fwdcloudsec.org/conference/e...
fwdcloudsec.org/conference/e...
fwd:cloudsec Europe 2024 | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
March 24, 2025 at 12:36 PM
Looking forward to it! ☁️🇪🇺🇩🇪
Reposted by Christophe Tafani-Dereeper
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
March 24, 2025 at 9:08 AM
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
Reposted by Christophe Tafani-Dereeper
The February edition of the Datadog Security Digest is out!
securitylabs.datadoghq.com/newsletters/...
featuring @sethsec.bsky.social, @mccune.org.uk, @karimscloud.bsky.social, @jcfarris.bsky.social, and more
securitylabs.datadoghq.com/newsletters/...
featuring @sethsec.bsky.social, @mccune.org.uk, @karimscloud.bsky.social, @jcfarris.bsky.social, and more
The whoAMI name confusion attack, modern phishing tactics, and K8s network security fundamentals | Datadog Security Labs
This February edition of the Datadog Security Digest dives into the
securitylabs.datadoghq.com
February 27, 2025 at 4:32 PM
The February edition of the Datadog Security Digest is out!
securitylabs.datadoghq.com/newsletters/...
featuring @sethsec.bsky.social, @mccune.org.uk, @karimscloud.bsky.social, @jcfarris.bsky.social, and more
securitylabs.datadoghq.com/newsletters/...
featuring @sethsec.bsky.social, @mccune.org.uk, @karimscloud.bsky.social, @jcfarris.bsky.social, and more
Reposted by Christophe Tafani-Dereeper
Regular tickets sold out quickly, but Personal Supporter tickets are still available!
Speakers get a ticket, so consider submitting a talk idea to the CFP. Closes April 11.
Scholarship is open: fwdcloudsec.org/conference/n...
Speakers get a ticket, so consider submitting a talk idea to the CFP. Closes April 11.
Scholarship is open: fwdcloudsec.org/conference/n...
Scholarships | NA 2025 | fwd:cloudsec
The fwd:cloudsec scholarship is our way of granting students & people wanting to make a career change with a passion for cloud security an opportunity to attend fwd:cloudsec, network with our attendee...
fwdcloudsec.org
February 26, 2025 at 5:01 PM
Regular tickets sold out quickly, but Personal Supporter tickets are still available!
Speakers get a ticket, so consider submitting a talk idea to the CFP. Closes April 11.
Scholarship is open: fwdcloudsec.org/conference/n...
Speakers get a ticket, so consider submitting a talk idea to the CFP. Closes April 11.
Scholarship is open: fwdcloudsec.org/conference/n...
Si vous êtes sur Paris et avez de l'expérience avec la sécurité de la chaîne d'approvisionement logicielle (supply chain security), Datadog a un poste dans mon équipe qui devrait vous intéresser !
careers.datadoghq.com/detail/66012...
N'hésitez pas à me DM si vous avez des questions.
careers.datadoghq.com/detail/66012...
N'hésitez pas à me DM si vous avez des questions.
Senior Security Advocate - Supply-Chain Security | Datadog Careers
We're building a platform that engineers love to use. Join us, and help usher in the future.
careers.datadoghq.com
February 25, 2025 at 12:31 PM
Si vous êtes sur Paris et avez de l'expérience avec la sécurité de la chaîne d'approvisionement logicielle (supply chain security), Datadog a un poste dans mon équipe qui devrait vous intéresser !
careers.datadoghq.com/detail/66012...
N'hésitez pas à me DM si vous avez des questions.
careers.datadoghq.com/detail/66012...
N'hésitez pas à me DM si vous avez des questions.
@anssi-fr.bsky.social Il serait bien d'utiliser votre nom de domaine officiel comme nom d'utilisateur Bluesky (bsky.social/about/blog/4...), autrement il est impossible de savoir s'il s'agit d'un compte légitime
Idem pour @cert-fr.bsky.social
Idem pour @cert-fr.bsky.social
February 24, 2025 at 12:54 PM
@anssi-fr.bsky.social Il serait bien d'utiliser votre nom de domaine officiel comme nom d'utilisateur Bluesky (bsky.social/about/blog/4...), autrement il est impossible de savoir s'il s'agit d'un compte légitime
Idem pour @cert-fr.bsky.social
Idem pour @cert-fr.bsky.social
L'ANSSI vient de sortir un rapport sur la menace dans les environnements cloud, en Français : www.cert.ssi.gouv.fr/uploads/CERT...
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
February 24, 2025 at 12:53 PM
L'ANSSI vient de sortir un rapport sur la menace dans les environnements cloud, en Français : www.cert.ssi.gouv.fr/uploads/CERT...
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
A refreshing perspective.
Anyone has good resources on Western APTs? I remember reading from a French group that's likely state-sponsored (coucou la DGSE) but that's about it citizenlab.ca/2015/03/morg...
Anyone has good resources on Western APTs? I remember reading from a French group that's likely state-sponsored (coucou la DGSE) but that's about it citizenlab.ca/2015/03/morg...
If you live in the West, it's not often you read about CIA/NSA cyber operations against China. But here's one: "How the NSA Allegedly Hacked China’s Northwestern Polytechnical," a leading Chinese university specializing in aerospace & defence. www.inversecos.com/2025/02/an-i...
An inside look at NSA (Equation Group) TTPs from China’s lense
www.inversecos.com
February 21, 2025 at 9:56 AM
A refreshing perspective.
Anyone has good resources on Western APTs? I remember reading from a French group that's likely state-sponsored (coucou la DGSE) but that's about it citizenlab.ca/2015/03/morg...
Anyone has good resources on Western APTs? I remember reading from a French group that's likely state-sponsored (coucou la DGSE) but that's about it citizenlab.ca/2015/03/morg...
@dirkjanm.io Do you have any Europe-based training planned in the coming months?
(besides the Insomnihack one I will unfortunately be unable to attend - such a shame as I live in Lausanne)
(besides the Insomnihack one I will unfortunately be unable to attend - such a shame as I live in Lausanne)
February 19, 2025 at 10:32 PM
@dirkjanm.io Do you have any Europe-based training planned in the coming months?
(besides the Insomnihack one I will unfortunately be unable to attend - such a shame as I live in Lausanne)
(besides the Insomnihack one I will unfortunately be unable to attend - such a shame as I live in Lausanne)