Adan Álvarez #standwithukraine
flekyy90.bsky.social
adan.cloud
Cyber Security Engineer interested in Pentesting | Cloud Security | Adversary Emulation | Threat Hunting | Purple Teaming | Bug Bounties | SecDevOps
Persistence is one of the first goals for an attacker in AWS, and CodeBuild can help them get it.

In my latest blog, I walk through how an attacker could abuse AWS CodeBuild + GitHub Actions to maintain long-term access in a compromised AWS account:

medium.com/@adan.alvare...
Gaining Long-Term AWS Access with CodeBuild and GitHub
Discover how attackers can abuse AWS CodeBuild and GitHub Actions to gain stealthy persistence in compromised AWS environments.
April 18, 2025 at 7:23 AM
When securing AWS, you can build different solutions with native services, but which one works best for alerting on suspicious API calls? In my latest article, I break down three AWS-native alerting methods, comparing their time to alert, cost, and ease of use: medium.com/@adan.alvare...
DIY — Evaluating AWS Native Approaches for Detecting Suspicious API Calls
While in my previous articles from the DIY series, I explored how to build solutions with LLMs (Using Semgrep with LLMs and Building a…
March 6, 2025 at 5:56 PM
Reposted by Adan Álvarez #standwithukraine
New details on the ByBit/Safe{Wallet} breach, and uhhh wow, some really silly blunders on the DPRK side. They still succeeded which is the most upsetting part of all of this. Let's bully some threat actor tradecraft! A🧵
x.com/safe/status/...
Safe.eth on X: "Investigation Updates and Community Call to Action" / X
March 6, 2025 at 5:21 PM
Breached? Not Game Over!

When an attacker gets access to your account, it is just the beginning of the game, not the end.

In my latest article, I explain how we can rig the game to stop attackers before real damage happens.

🔗Read here: medium.com/@adan.alvare... #CyberSecurity #AWS #CloudSecurity
Breached? Not Game Over: Learn How to Turn the Tables on AWS Attackers!
A breach in AWS isn’t game over, initial access is just the first move. Learn how to rig the game and win.
February 13, 2025 at 7:37 AM
I built a PoC using Amazon Bedrock to automate security questionnaires. A centralized, secure knowledge base + zero cost when idle makes it perfect for occasional use. medium.com/@adan.alvare...
DIY — Building a Cost-Effective Questionnaire Automation with Bedrock
Security questionnaires are very common today. When customers consider your product, especially if you’re a startup, they often ask for…
January 23, 2025 at 7:20 AM
Reposted by Adan Álvarez #standwithukraine
Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bombs in train firmware?
IBAN for donations is available here:
www.ccc.de/en/updates/2...

Talks for context
media.ccc.de/v/37c3-12142...
streaming.media.ccc.de/38c3/relive/...
December 28, 2024 at 9:29 AM
Learn how attackers abuse STS GetFederationToken for AWS persistence and how a proper incident response can make it useless. medium.com/@adan.alvare...
GetFederationToken: A Simple AWS Persistence Technique Used in the Wild
My last two articles (how attackers can abuse IAM Roles Anywhere for persistent AWS access and gaining AWS persistence by updating a SAML…
December 9, 2024 at 10:01 AM
My latest contributions to Stratus Red Team are live in v2.20.0! 🎉
Stratus Red Team v2.20.0 is now available, with great contributions from @flekyy90.bsky.social allowing you to reproduce AWS TTPs seen in the wild!

➔ Use GetFederationToken to generate temporary credentials

➔ Use SendSerialConsoleSSHPublicKey to pivot to EC2 instances

github.com/DataDog/stra...
December 4, 2024 at 9:40 PM
🎄 Want to boost your AWS security this holiday season? Today in #AdventOfCloudSecurity, I’ll show you how to use HoneyTrail to set traps for attackers. If they snoop around, you’ll know! 🎁 Check out daily videos on AWS, Azure, GCP & more: advent.cloudsecuritypodcast.tv #CloudSecurity
Advent of Cloud Security
Presented by Cloud Security Podcast, Advent of Cloud Security is a 24-day event where we drop a new video every single day.
December 3, 2024 at 6:34 PM
Reposted by Adan Álvarez #standwithukraine
Want to keep up to date with Datadog’s Cloud Security Research? We’ve got a starter pack for that. All of our researchers in one feed.
go.bsky.app/8XpcFm5
November 18, 2024 at 1:21 PM
AWS's IAM Roles Anywhere allows external systems to obtain temporary AWS credentials via a trusted Certificate Authority (CA). While enhancing secure access, it can be exploited if attackers establish trust with a CA they control. Learn about it in my latest article: link.medium.com/C4CBuJyfzOb
November 16, 2024 at 9:14 AM