Scott Piper
@scottpiper.bsky.social
Cloud security historian.
Developed http://flaws.cloud, CloudMapper, and Parliament.
Founding team for fwdcloudsec.org
Principal Cloud Security Researcher at Wiz.
I looked at all the AWS OIDC integrations I could find to identify how they might be misconfigured and to understand the variations that different vendors have in how they set these up. www.wiz.io/blog/avoidin...
Avoiding mistakes with AWS OIDC integration conditions | Wiz Blog
Secure AWS OIDC integrations by avoiding common misconfigurations. Discover key IAM trust policy conditions for popular SaaS vendors to protect your cloud.
www.wiz.io
My favorite security story I've read this year 😂, a story of surprising turns by Alex Smolen: engseclabs.com/blog/raccoon...
Backyard APT: A Raccoon Story
Raccoons are both advanced and persistent threats. After one attacked my chihuahua Jolene, I declared war on my backyard invaders. Through ultrasonic deterrents, motion-activated sprinklers, and wacky...
engseclabs.com
November 11, 2025 at 5:24 PM
Yuval Avrahami was ranked as the top Azure researcher by Microsoft this quarter! He has made a Kubernetes focused CTF for the Wiz Cloud Security Championship, check it out! cloudsecuritychampionship.com
Also if you can find cloud zero days, check out www.zeroday.cloud with a $4.5M prize pool!
October 27, 2025 at 1:47 PM
Reposted by Scott Piper
I feel like the biggest takeaway from the latest AWS outage is that there’s simply no architecting around them at this point. Even if you are 100% redundant/multi-whatever, your vendors and customers are certainly not. Order volume is dropping no matter what you do. We’re all in this together.
October 23, 2025 at 12:51 PM
Jeep pushed a bad update on Friday that has been bricking 2024 Wrangler 4xe's. x.com/StephenGutow...
Stephen Gutowski on X: "Jeep just pushed a software update that bricked all the 2024 Wrangler 4xe models, including my Willys. The future is going great." / X
Jeep just pushed a software update that bricked all the 2024 Wrangler 4xe models, including my Willys. The future is going great.
x.com
October 13, 2025 at 12:45 AM
A company's website, API, and email were unavailable because "attackers socially engineered AWS into freezing its domain". www.theregister.com/2025/10/02/s...
Kodex outage blamed on AWS social engineering attack
Software maker Kodex said its domain registrar fell for a fraudulent legal order
www.theregister.com
October 6, 2025 at 2:41 PM
Reposted by Scott Piper
Introducing ZERODAY.CLOUD🕵️‍♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝

WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆

Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
September 30, 2025 at 5:39 PM
I really like the announcements that have been coming out of Cloudflare. In this latest one, SSO for everyone (not just enterprise). blog.cloudflare.com/enterprise-g...

Another recent and interesting one is their data platform: blog.cloudflare.com/cloudflare-d...
Every Cloudflare feature, available to everyone
Cloudflare is making every feature available to any customer.
blog.cloudflare.com
September 30, 2025 at 2:33 PM
Reposted by Scott Piper
After facing countless limitations on #AWS #NitroEnclaves, the same feature is now available on normal EC2 instances.

The coming month must be a busy month for me to try it out

#ConfidentialComputing #AWSCloud

aws.amazon.com/about-aws/wh...
AWS announces EC2 instance attestation - AWS
Discover more about what's new at AWS with AWS announces EC2 instance attestation
aws.amazon.com
September 30, 2025 at 3:06 AM
S3 SOAP API is being deprecated in a month (Oct 31). docs.aws.amazon.com/AmazonS3/lat...

h/t @quinnypig.com for pointing it out in @lastweekinaws.com
Appendix: SOAP API - Amazon Simple Storage Service
Describes the SOAP API with respect to service, bucket, and object operations that you can perform on the Amazon S3 web service.
docs.aws.amazon.com
September 29, 2025 at 3:21 PM
The first step toward an organization of organizations. aws.amazon.com/about-aws/wh...
Billing View now supports cost management data from multiple organizations - AWS
Discover more about what's new at AWS with Billing View now supports cost management data from multiple organizations
aws.amazon.com
September 26, 2025 at 6:51 PM
Random thing I noticed which I don't think has value but I'm recording it anyway: S3 is known to have a global namespace which can be seen with the ":::" in the arn. Ex. arn:aws:s3:::amzn-s3-demo-bucket. But other global namespaces exist. 1/2
September 24, 2025 at 4:17 PM
Gal Nagli has opened my eyes to a speed and scale of web hacking that would be terrifying if he wasn't using those skills to help companies. He has put together a CTF challenge to showcase some of his most effective techniques. Check it out! www.cloudsecuritychampionship.com/challenge/4
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
www.cloudsecuritychampionship.com
September 24, 2025 at 2:24 PM
A write-up that believes this story is propaganda and might have just been for spam. cybersect.substack.com/p/that-secre...
September 24, 2025 at 12:20 PM
The secret service found a setup for disrupting cell services in the NYC area. www.secretservice.gov/newsroom/rel...
U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area | United States Secret Service
www.secretservice.gov
September 23, 2025 at 2:09 PM
GitHub's plan to better secure the npm supply chain: github.blog/security/sup...
Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
github.blog
September 23, 2025 at 2:07 PM
Reposted by Scott Piper
Check out the full schedule here: fwdcloudsec.org/conference/...

Not in Berlin? No worries, you can join us live on YouTube: www.youtube.com/live/-a9Ts7...

It's going to be a packed day of sharp insights and real-world lessons for cloud security l33ts.
fwd:cloudsec Europe 2025 - Day 1
Full schedule: https://fwdcloudsec.org/conference/north-america/schedule.html
Join the conversation on Slack: https://fwdcloudsec.org/forum/
www.youtube.com
September 15, 2025 at 4:40 AM
Reposted by Scott Piper
fwd:cloudsec Europe is now live from Berlin!

Watch the livestream here: youtube.com/live/-a9Ts7A...
fwd:cloudsec Europe 2025 - Day 1
YouTube video by fwd:cloudsec
youtube.com
September 15, 2025 at 7:07 AM
An interesting evolution in malware that occurred in roughly the past month is malware calling AI from the payload. We've seen malware and other artifacts (ex. phishing emails) as the OUTPUT of AI, but now malware is bringing the INPUT to AI. 1/2
September 3, 2025 at 6:00 PM
Reposted by Scott Piper
How do you know you're compromised?

Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.

grafana.com/blog/2025/08...
Canary tokens: Learn all about the unsung heroes of security at Grafana Labs | Grafana Labs
Learn why the use of canary tokens let us spot a recent intrusion and swarm quickly in response, and find out why you should be using canary tokens to prevent serious security incidents in the future.
grafana.com
August 26, 2025 at 8:20 AM
Netskope filing for their IPO. From their S-1, $707M ARR with $354M annual net loss. www.sec.gov/Archives/edg...
S-1
www.sec.gov
August 25, 2025 at 11:55 AM
Reposted by Scott Piper
Old and busted: Cloud attackers making noisy List/Describe calls.

New hotness: Laundering enumeration calls through an AWS service silently.

Or at least, that used to work, until @datadoghq.com partnered with AWS to close this gap. Read more here:
securitylabs.datadoghq.com/articles/enu...
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer | Datadog Security Labs
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
securitylabs.datadoghq.com
August 19, 2025 at 4:10 PM
Reposted by Scott Piper
Working on a blog post: what AWS things aren’t true anymore, but used to be?

Example: I still get surprised that I don’t have to shut down an ec2 instance to change its security group.
August 13, 2025 at 1:21 AM
Reposted by Scott Piper
Introducing... 🥁 Say hello to Wiz for Exposure Management! 🥳
Wiz for Exposure Management is a NEW way to unify, prioritize, and fix exposures everywhere they live: in your cloud, code, and on-prem infrastructure.

Learn more: www.wiz.io/blog/wiz-for...
Introducing Wiz for Exposure Management | Wiz Blog
Wiz now supports exposure management across cloud, code, and on-prem – combining scanner data into one view to help teams prioritize and fix real risk.
www.wiz.io
August 6, 2025 at 12:41 PM
It's great to see Microsoft continue to invest in a public bug bounty program for their cloud. One cloud provider does not have this. msrc.microsoft.com/blog/2025/08...
Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards | MSRC Blog | Microsoft Security Response Center
Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards
msrc.microsoft.com
August 4, 2025 at 5:43 PM
Reposted by Scott Piper
AWS growth at 17.5% is healthy but represents a slight deceleration from the 19% growth seen in Q2 2024.

Margins fell from 35.5% to 32.9% YoY despite charging profane rates for new things ($9 per resource per month that IAM Internal Access Analyzer watches?!)
Amazon reports Q2 AWS revenue up 17.5% YoY to $30.9B, vs. $30.8B est., and AWS operating income up 8.8% YoY to $10.2B (Annie Palmer/CNBC)
July 31, 2025 at 8:21 PM