Real-world cloud security. Explained and applied.
BloodHound Enterprise expands its reach beyond Microsoft to map identity attack paths that traverse Okta and GitHub. In companies where identity is the new perimeter, this expansion makes it possible to see (and prioritize) real chaining between SSO, repositories, and privileges.
Serverless removes servers to manage, it does not remove risk. We debunk common myths and get practical: excessive permissions, exposed endpoints, event injection, vulnerable dependencies, and poorly managed secrets in AWS Lambda, Azure Functions, and GCP Cloud Functions, as well as how attackers pivot from a compromised function and which quick wins to apply in production.
Many cloud architectures pass design audits and “look secure” in diagrams. The problem appears when you have to reconstruct an incident and the logs don’t exist, don’t cover what’s critical, or aren’t trustworthy. This article walks through what usually fails in CloudTrail/Activity Logs, how it gets detected too late, and what to validate in practice to avoid a false sense of control.