Christophe Tafani-Dereeper
@christophetd.fr
Cloud and container security • Security research and open source at Datadog
🇨🇭🇫🇷
https://christophetd.fr
🇨🇭🇫🇷
https://christophetd.fr
Getting ready for DEF CON next week!
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
July 28, 2025 at 10:24 AM
Getting ready for DEF CON next week!
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
Looks like the maintainer of a number of highly-popular npm packages was phished through npnjs[.]com, and his access used to publish malicious versions of their packages
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
July 18, 2025 at 10:34 PM
Looks like the maintainer of a number of highly-popular npm packages was phished through npnjs[.]com, and his access used to publish malicious versions of their packages
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
x.com/JounQin/stat...
www.linkedin.com/feed/update/...
github.com/prettier/esl...
Stratus Red Team AWS attack techniques are now mapped to the Threat Technique Catalog for AWS
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
June 23, 2025 at 12:04 PM
Stratus Red Team AWS attack techniques are now mapped to the Threat Technique Catalog for AWS
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...
Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
Solid way to start the week
June 10, 2025 at 9:38 AM
Solid way to start the week
L'ANSSI vient de sortir un rapport sur la menace dans les environnements cloud, en Français : www.cert.ssi.gouv.fr/uploads/CERT...
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
February 24, 2025 at 12:53 PM
L'ANSSI vient de sortir un rapport sur la menace dans les environnements cloud, en Français : www.cert.ssi.gouv.fr/uploads/CERT...
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
Au programme :
• Menaces ciblant les fournisseurs
• Menaces ciblant les utilisateurs finaux
• L'usage que les attaquants font du cloud
@anssi-fr.bsky.social
As an European, the term "deportation" is always painful to hear, especially on the topic of immigrants and political oponents
(it doesn't have the same meaning as in French, but it's spelled the same)
(it doesn't have the same meaning as in French, but it's spelled the same)
January 22, 2025 at 12:19 PM
As an European, the term "deportation" is always painful to hear, especially on the topic of immigrants and political oponents
(it doesn't have the same meaning as in French, but it's spelled the same)
(it doesn't have the same meaning as in French, but it's spelled the same)
New research: We've been monitoring a threat actor publishing dozens of trojanized GitHub repositories targeting threat actors, leaking hundreds of thousands of credentials along the way
securitylabs.datadoghq.com/articles/mut...
securitylabs.datadoghq.com/articles/mut...
December 16, 2024 at 1:09 PM
New research: We've been monitoring a threat actor publishing dozens of trojanized GitHub repositories targeting threat actors, leaking hundreds of thousands of credentials along the way
securitylabs.datadoghq.com/articles/mut...
securitylabs.datadoghq.com/articles/mut...
I'll be at BSides London tomorrow, looking forward to it!
Schedule looks amazing: cfp.securitybsides.org.uk/bsides-londo...
cc @bsideslondon.bsky.social
Schedule looks amazing: cfp.securitybsides.org.uk/bsides-londo...
cc @bsideslondon.bsky.social
December 13, 2024 at 9:27 AM
I'll be at BSides London tomorrow, looking forward to it!
Schedule looks amazing: cfp.securitybsides.org.uk/bsides-londo...
cc @bsideslondon.bsky.social
Schedule looks amazing: cfp.securitybsides.org.uk/bsides-londo...
cc @bsideslondon.bsky.social
Supply-chain attack in the ultralytics PyPI package: github.com/ultralytics/...
An attacker opened a pull request and pushed a commit with a malicious name, leading to CI code injection.
They then backdoored versions 8.3.41 and 8.3.42 with code downloading a second-stage binary from GitHub
An attacker opened a pull request and pushed a commit with a malicious name, leading to CI code injection.
They then backdoored versions 8.3.41 and 8.3.42 with code downloading a second-stage binary from GitHub
December 5, 2024 at 5:12 PM
Supply-chain attack in the ultralytics PyPI package: github.com/ultralytics/...
An attacker opened a pull request and pushed a commit with a malicious name, leading to CI code injection.
They then backdoored versions 8.3.41 and 8.3.42 with code downloading a second-stage binary from GitHub
An attacker opened a pull request and pushed a commit with a malicious name, leading to CI code injection.
They then backdoored versions 8.3.41 and 8.3.42 with code downloading a second-stage binary from GitHub
Stratus Red Team v2.20.0 is now available, with great contributions from @flekyy90.bsky.social allowing you to reproduce AWS TTPs seen in the wild!
➔ Use GetFederationToken to generate temporary credentials
➔ Use SendSerialConsoleSSHPublicKey to pivot to EC2 instances
github.com/DataDog/stra...
➔ Use GetFederationToken to generate temporary credentials
➔ Use SendSerialConsoleSSHPublicKey to pivot to EC2 instances
github.com/DataDog/stra...
December 4, 2024 at 4:21 PM
Stratus Red Team v2.20.0 is now available, with great contributions from @flekyy90.bsky.social allowing you to reproduce AWS TTPs seen in the wild!
➔ Use GetFederationToken to generate temporary credentials
➔ Use SendSerialConsoleSSHPublicKey to pivot to EC2 instances
github.com/DataDog/stra...
➔ Use GetFederationToken to generate temporary credentials
➔ Use SendSerialConsoleSSHPublicKey to pivot to EC2 instances
github.com/DataDog/stra...
C2 is currently down
December 4, 2024 at 12:20 AM
C2 is currently down
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.
Calls to this function are then inserted in various places that (legitimately) access the private key.
Calls to this function are then inserted in various places that (legitimately) access the private key.
December 3, 2024 at 11:47 PM
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.
Calls to this function are then inserted in various places that (legitimately) access the private key.
Calls to this function are then inserted in various places that (legitimately) access the private key.
the "previous third party" who left the web shell
November 21, 2024 at 11:08 PM
the "previous third party" who left the web shell
Great new feature in Terraform (v1.10.0 RC): ephemeral resources!
Perfect when you need to retrieve credentials that you don't want to persist in the state.
developer.hashicorp.com/terraform/la...
Currently supports aws_lambda_invocation, aws_kms_secrets, and aws_secretsmanager_secret_version
Perfect when you need to retrieve credentials that you don't want to persist in the state.
developer.hashicorp.com/terraform/la...
Currently supports aws_lambda_invocation, aws_kms_secrets, and aws_secretsmanager_secret_version
November 21, 2024 at 9:30 PM
Great new feature in Terraform (v1.10.0 RC): ephemeral resources!
Perfect when you need to retrieve credentials that you don't want to persist in the state.
developer.hashicorp.com/terraform/la...
Currently supports aws_lambda_invocation, aws_kms_secrets, and aws_secretsmanager_secret_version
Perfect when you need to retrieve credentials that you don't want to persist in the state.
developer.hashicorp.com/terraform/la...
Currently supports aws_lambda_invocation, aws_kms_secrets, and aws_secretsmanager_secret_version
November 2024 bluesky community vibes
November 18, 2024 at 4:53 PM
November 2024 bluesky community vibes
when I can automate a task
May 11, 2023 at 1:43 PM
when I can automate a task
"Hey, I wonder what's new in Ubuntu 22.04 LTS"
*reads*
*indistinct nervous laughter*
*reads*
*indistinct nervous laughter*
May 3, 2023 at 5:54 PM
"Hey, I wonder what's new in Ubuntu 22.04 LTS"
*reads*
*indistinct nervous laughter*
*reads*
*indistinct nervous laughter*