Scott Piper
@scottpiper.bsky.social
Cloud security historian.
Developed http://flaws.cloud, CloudMapper, and Parliament.
Founding team for fwdcloudsec.org
Principal Cloud Security Researcher at Wiz.
Pinned
I looked at all the AWS OIDC integrations I could find to identify how they might be misconfigured and to understand the variations that different vendors have in how they set these up. www.wiz.io/blog/avoidin...
Avoiding mistakes with AWS OIDC integration conditions | Wiz Blog
Secure AWS OIDC integrations by avoiding common misconfigurations. Discover key IAM trust policy conditions for popular SaaS vendors to protect your cloud.
www.wiz.io
Reposted by Scott Piper
December is generally a good time for gifts, and I have a special one for you.

We are glad to announce fwd:cloudsec Europe 2026: September 7th and 8th - London, UK 🇬🇧

More info to come early 2026. Stay tuned, folks.
December 19, 2025 at 8:45 PM
My top picks from re:Invent security announcements: www.wiz.io/blog/top-aws...
Top AWS re:Invent Announcements for Security Teams in 2025 | Wiz Blog
The re:Invent announcements that are most impactful to security teams.
www.wiz.io
December 8, 2025 at 10:35 PM
This is excellent. Also available in video.
allan.reyes.sh/posts/keepin...

h/t tldrsec
Keeping Secrets Out of Logs
There's no silver bullet, but if we put some "lead" bullets in the right places, we have a good shot at keeping sensitive data out of logs.
allan.reyes.sh
December 4, 2025 at 5:24 PM
Reposted by Scott Piper
It’s time to bust some malware! 🦠

Challenge #6 “Malware Busters” is LIVE.
Built by Gili Tikochinski for the reverse‑engineering pros - dive into assembly and uncover what’s hidden inside.
Think you can crack it?

cloudsecuritychampionship.com/challenge/6
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
cloudsecuritychampionship.com
November 27, 2025 at 1:49 PM
Reposted by Scott Piper
🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast.
Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation.
Details: www.wiz.io/blog/shai-hu...
Shai-Hulud 2.0: Ongoing Supply Chain Attack | Wiz Blog
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
www.wiz.io
November 24, 2025 at 12:12 PM
Reposted by Scott Piper
The day has come where we get to announce what we've been working on for the past year 😍

www.duckbillhq.com/blog/skyway-...
Skyway: Cloud cost management for the 9-figure club
Introducing Skyway: contract management for enterprise cloud spend. Built by the team overseeing tens-of-billions in enterprise cloud spend.
www.duckbillhq.com
November 18, 2025 at 4:47 PM
My favorite security story I've read this year 😂, a story of surprising turns by Alex Smolen: engseclabs.com/blog/raccoon...
Backyard APT: A Raccoon Story
Raccoons are both advanced and persistent threats. After one attacked my chihuahua Jolene, I declared war on my backyard invaders. Through ultrasonic deterrents, motion-activated sprinklers, and wacky...
engseclabs.com
November 11, 2025 at 5:24 PM
Yuval Avrahami was ranked as the top Azure researcher by Microsoft this quarter! He has made a Kubernetes-focused CTF for the Wiz Cloud Security Championship; check it out! cloudsecuritychampionship.com
Also if you can find cloud zero days, check out www.zeroday.cloud with a $4.5M prize pool!
October 27, 2025 at 1:47 PM
Reposted by Scott Piper
I feel like the biggest takeaway from the latest AWS outage is that there’s simply no architecting around them at this point. Even if you are 100% redundant/multi-whatever, your vendors and customers are certainly not. Order volume is dropping no matter what you do. We’re all in this together.
October 23, 2025 at 12:51 PM
Jeep pushed a bad update on Friday that has been bricking 2024 Wrangler 4xe's. x.com/StephenGutow...
Stephen Gutowski on X: "Jeep just pushed a software update that bricked all the 2024 Wrangler 4xe models, including my Willys. The future is going great." / X
x.com
October 13, 2025 at 12:45 AM
A company's website, API, and email were unavailable because "attackers socially engineered AWS into freezing its domain". www.theregister.com/2025/10/02/s...
Kodex outage blamed on AWS social engineering attack
Software maker Kodex said its domain registrar fell for a fraudulent legal order
www.theregister.com
October 6, 2025 at 2:41 PM
Reposted by Scott Piper
Introducing ZERODAY.CLOUD🕵️‍♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝

WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆

Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
September 30, 2025 at 5:39 PM
I really like the announcements that have been coming out of Cloudflare. In this latest one, SSO for everyone (not just enterprise). blog.cloudflare.com/enterprise-g...

Another recent and interesting one is their data platform: blog.cloudflare.com/cloudflare-d...
Every Cloudflare feature, available to everyone
Cloudflare is making every feature available to any customer.
blog.cloudflare.com
September 30, 2025 at 2:33 PM
Reposted by Scott Piper
After facing countless limitations on #AWS #NitroEnclaves, the same feature is now available on normal EC2 instances.

The coming month must be a busy month for me to try it out

#ConfidentialComputing #AWSCloud

aws.amazon.com/about-aws/wh...
AWS announces EC2 instance attestation - AWS
Discover more about what's new at AWS with AWS announces EC2 instance attestation
aws.amazon.com
September 30, 2025 at 3:06 AM
S3 SOAP API is being deprecated in a month (Oct 31). docs.aws.amazon.com/AmazonS3/lat...

h/t @quinnypig.com for pointing it out in @lastweekinaws.com
Appendix: SOAP API - Amazon Simple Storage Service
Describes the SOAP API with respect to service, bucket, and object operations that you can perform on the Amazon S3 web service.
docs.aws.amazon.com
September 29, 2025 at 3:21 PM
The first step toward an organization of organizations. aws.amazon.com/about-aws/wh...
Billing View now supports cost management data from multiple organizations - AWS
Discover more about what's new at AWS with Billing View now supports cost management data from multiple organizations
aws.amazon.com
September 26, 2025 at 6:51 PM
Random thing I noticed which I don't think has value but I'm recording it anyway: S3 is known to have a global namespace which can be seen with the ":::" in the arn. Ex. arn:aws:s3:::amzn-s3-demo-bucket. But other global namespaces exist. 1/2
September 24, 2025 at 4:17 PM
Gal Nagli has opened my eyes to a speed and scale of web hacking that would be terrifying if he wasn't using those skills to help companies. He has put together a CTF challenge to showcase some of his most effective techniques. Check it out! www.cloudsecuritychampionship.com/challenge/4
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
www.cloudsecuritychampionship.com
September 24, 2025 at 2:24 PM
A write-up that believes this story is propaganda and might have just been for spam. cybersect.substack.com/p/that-secre...
September 24, 2025 at 12:20 PM
The secret service found a setup for disrupting cell services in the NYC area. www.secretservice.gov/newsroom/rel...
U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area | United States Secret Service
www.secretservice.gov
September 23, 2025 at 2:09 PM
GitHub's plan to better secure the npm supply chain: github.blog/security/sup...
Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
github.blog
September 23, 2025 at 2:07 PM
Reposted by Scott Piper
Check out the full schedule here: fwdcloudsec.org/conference/...

Not in Berlin? No worries, you can join us live on YouTube: www.youtube.com/live/-a9Ts7...

It's going to be a packed day of sharp insights and real-world lessons for cloud security l33ts.
fwd:cloudsec Europe 2025 - Day 1
Full schedule: https://fwdcloudsec.org/conference/north-america/schedule.html
Join the conversation on Slack: https://fwdcloudsec.org/forum/
www.youtube.com
September 15, 2025 at 4:40 AM
Reposted by Scott Piper
fwd:cloudsec Europe is now live from Berlin!

Watch the livestream here: youtube.com/live/-a9Ts7A...
fwd:cloudsec Europe 2025 - Day 1
YouTube video by fwd:cloudsec
youtube.com
September 15, 2025 at 7:07 AM
An interesting evolution in malware that occurred in roughly the past month is malware calling AI from the payload. We've seen malware and other artifacts (ex. phishing emails) as the OUTPUT of AI, but now malware is bringing the INPUT to AI. 1/2
September 3, 2025 at 6:00 PM