Greg Foss
@gregfoss.com
Detection Engineering Leader @ Datadog
Views are strictly my own
Views are strictly my own
Reposted by Greg Foss
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker
securitylabs.datadoghq.com/articles/bey...
securitylabs.datadoghq.com/articles/bey...
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker | Datadog Security Labs
This post reports on activity from the 'Mimo' threat actor.
securitylabs.datadoghq.com
July 21, 2025 at 8:57 PM
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker
securitylabs.datadoghq.com/articles/bey...
securitylabs.datadoghq.com/articles/bey...
Reposted by Greg Foss
fwd:cloudsec is around the corner! Don't miss these 3 talks from Datadog researchers Seth Sec, Katie Knowles, Greg Foss, and Anthony Randazzo.
fwdcloudsec.org/conference/n...
@sethsec.bsky.social
@siigil.bsky.social
@gregfoss.com
fwdcloudsec.org/conference/n...
@sethsec.bsky.social
@siigil.bsky.social
@gregfoss.com
June 27, 2025 at 9:02 PM
fwd:cloudsec is around the corner! Don't miss these 3 talks from Datadog researchers Seth Sec, Katie Knowles, Greg Foss, and Anthony Randazzo.
fwdcloudsec.org/conference/n...
@sethsec.bsky.social
@siigil.bsky.social
@gregfoss.com
fwdcloudsec.org/conference/n...
@sethsec.bsky.social
@siigil.bsky.social
@gregfoss.com
Reposted by Greg Foss
I'm so excited to announce that Datadog Security Research is launching a FREE, fully-online, Detection Engineering focused conference called Datadog Detect!
bit.ly/datadog-detect
Our lineup is incredible with experts in the field of detection, response and threat intelligence.
bit.ly/datadog-detect
Our lineup is incredible with experts in the field of detection, response and threat intelligence.
Datadog Detect: Scale your Security Operations with Detection Engineering | Datadog
See metrics from all of your apps, tools & services in one place with Datadog's cloud monitoring as a service solution. Try it for free.
bit.ly
May 10, 2025 at 6:14 PM
I'm so excited to announce that Datadog Security Research is launching a FREE, fully-online, Detection Engineering focused conference called Datadog Detect!
bit.ly/datadog-detect
Our lineup is incredible with experts in the field of detection, response and threat intelligence.
bit.ly/datadog-detect
Our lineup is incredible with experts in the field of detection, response and threat intelligence.
Excited to speak at @fwdcloudsec.org in Denver on June 30 with Anthony Randazzo! We’ll share lessons from a year of cloud threat hunting.
Don’t miss other @securitylabs.datadoghq.com talks from @siigil.bsky.social on EntraID escalation and @sethsec.bsky.social on AMI name confusion as well!
Don’t miss other @securitylabs.datadoghq.com talks from @siigil.bsky.social on EntraID escalation and @sethsec.bsky.social on AMI name confusion as well!
fwd:cloudsec 2025 Speaker Bios & Abstracts | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
May 19, 2025 at 5:24 PM
Excited to speak at @fwdcloudsec.org in Denver on June 30 with Anthony Randazzo! We’ll share lessons from a year of cloud threat hunting.
Don’t miss other @securitylabs.datadoghq.com talks from @siigil.bsky.social on EntraID escalation and @sethsec.bsky.social on AMI name confusion as well!
Don’t miss other @securitylabs.datadoghq.com talks from @siigil.bsky.social on EntraID escalation and @sethsec.bsky.social on AMI name confusion as well!
Reposted by Greg Foss
@datadoghq.com Security Research is heading to RSAC next week! Come join us for any of our talks on the main stage, meet our research team at the Datadog booth, or attend some of the leadership events below!
www.datadoghq.com/event/rsa202...
www.datadoghq.com/event/rsa202...
Datadog at RSA Conference 2025 | Datadog
Datadog at RSA Conference 2025
www.datadoghq.com
April 21, 2025 at 2:39 PM
@datadoghq.com Security Research is heading to RSAC next week! Come join us for any of our talks on the main stage, meet our research team at the Datadog booth, or attend some of the leadership events below!
www.datadoghq.com/event/rsa202...
www.datadoghq.com/event/rsa202...
Today our #Datadog Security Research and Detection Engineering team released our first threat roundup report!
Datadog has unique visibility into threat actor activity targeting cloud environments and this report highlights our key findings from Q4 2024.
securitylabs.datadoghq.com/articles/202...
Datadog has unique visibility into threat actor activity targeting cloud environments and this report highlights our key findings from Q4 2024.
securitylabs.datadoghq.com/articles/202...
Datadog threat roundup: top insights for Q4 2024 | Datadog Security Labs
Threat insights from Datadog Security Labs for Q4 2024.
securitylabs.datadoghq.com
January 24, 2025 at 8:45 PM
Today our #Datadog Security Research and Detection Engineering team released our first threat roundup report!
Datadog has unique visibility into threat actor activity targeting cloud environments and this report highlights our key findings from Q4 2024.
securitylabs.datadoghq.com/articles/202...
Datadog has unique visibility into threat actor activity targeting cloud environments and this report highlights our key findings from Q4 2024.
securitylabs.datadoghq.com/articles/202...
Reposted by Greg Foss
DHS has terminated the memberships of everyone on its advisory committees.
This includes several cyber committees, like CISA's advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon.
That review is "dead," person familiar says.
www.documentcloud.org/documents/25...
This includes several cyber committees, like CISA's advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon.
That review is "dead," person familiar says.
www.documentcloud.org/documents/25...
January 21, 2025 at 8:43 PM
DHS has terminated the memberships of everyone on its advisory committees.
This includes several cyber committees, like CISA's advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon.
That review is "dead," person familiar says.
www.documentcloud.org/documents/25...
This includes several cyber committees, like CISA's advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon.
That review is "dead," person familiar says.
www.documentcloud.org/documents/25...
Reposted by Greg Foss
"Tales from the cloud trenches: Unwanted visitor"
securitylabs.datadoghq.com/articles/tal...
This post describes an attacker that we've observed in the wild, including a malicious AWS account ID used to create a backdoor IAM role.
securitylabs.datadoghq.com/articles/tal...
This post describes an attacker that we've observed in the wild, including a malicious AWS account ID used to create a backdoor IAM role.
December 11, 2024 at 9:43 PM
"Tales from the cloud trenches: Unwanted visitor"
securitylabs.datadoghq.com/articles/tal...
This post describes an attacker that we've observed in the wild, including a malicious AWS account ID used to create a backdoor IAM role.
securitylabs.datadoghq.com/articles/tal...
This post describes an attacker that we've observed in the wild, including a malicious AWS account ID used to create a backdoor IAM role.
Reposted by Greg Foss
New from Datadog Security Research! Threat actors are constantly publishing backdoored software libraries to steal credentials, get C2, and more. @ikretz.bsky.social did something about it. Meet the Supply-Chain Firewall, a tool to block malicious packages.
securitylabs.datadoghq.com/articles/int...
securitylabs.datadoghq.com/articles/int...
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages | Datadog Security Labs
Release of Supply-Chain Firewall, an open source tool for preventing the installation of malicious PyPI and npm packages
securitylabs.datadoghq.com
December 6, 2024 at 3:13 PM
New from Datadog Security Research! Threat actors are constantly publishing backdoored software libraries to steal credentials, get C2, and more. @ikretz.bsky.social did something about it. Meet the Supply-Chain Firewall, a tool to block malicious packages.
securitylabs.datadoghq.com/articles/int...
securitylabs.datadoghq.com/articles/int...
Reposted by Greg Foss
Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends
securitylabs.datadoghq.com/articles/goo...
by @christophetd.fr
securitylabs.datadoghq.com/articles/goo...
by @christophetd.fr
Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends | Datadog Security Labs
This post offers a deep dive into Google Cloud’s default service accounts, explaining their functionality, risks, and real-world adoption trends.
securitylabs.datadoghq.com
November 29, 2024 at 12:37 PM
Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends
securitylabs.datadoghq.com/articles/goo...
by @christophetd.fr
securitylabs.datadoghq.com/articles/goo...
by @christophetd.fr
Reposted by Greg Foss
I will be presenting Guarddog github.com/datadog/guar... at Blackhat MEA next week. If you will be there come and say Hi
GitHub - DataDog/guarddog: :snake: GuardDog is a CLI tool to Identify malicious PyPI and npm packages
:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages - GitHub - DataDog/guarddog: :snake: GuardDog is a CLI tool to Identify malicious PyPI and npm packages
github.com
November 22, 2024 at 7:15 AM
I will be presenting Guarddog github.com/datadog/guar... at Blackhat MEA next week. If you will be there come and say Hi
Reposted by Greg Foss
I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR
November 18, 2024 at 3:37 PM
I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR
Reposted by Greg Foss
If you're looking for the security talks from Kubecon NA 2024, I've added the abstracts and Youtube embeds to talks.container-security.site/categories/#... .
There's also talks going back to 2016 in case you really want to watch a lot of container security videos!
There's also talks going back to 2016 in case you really want to watch a lot of container security videos!
Posts by Category
This site hosts a list of talks from various conferences on the topic of Cloud Native security.
talks.container-security.site
November 18, 2024 at 7:27 PM
If you're looking for the security talks from Kubecon NA 2024, I've added the abstracts and Youtube embeds to talks.container-security.site/categories/#... .
There's also talks going back to 2016 in case you really want to watch a lot of container security videos!
There's also talks going back to 2016 in case you really want to watch a lot of container security videos!
Reposted by Greg Foss
Want to keep up to date with Datadog’s Cloud Security Research? We’ve got a starter pack for that. All of our researchers in one feed.
go.bsky.app/8XpcFm5
go.bsky.app/8XpcFm5
November 18, 2024 at 1:21 PM
Want to keep up to date with Datadog’s Cloud Security Research? We’ve got a starter pack for that. All of our researchers in one feed.
go.bsky.app/8XpcFm5
go.bsky.app/8XpcFm5