Scott Piper
@scottpiper.bsky.social
Cloud security historian.
Developed http://flaws.cloud, CloudMapper, and Parliament.
Founding team for fwdcloudsec.org
Principal Cloud Security Researcher at Wiz.
I used to drink a gallon of milk a day, so this is just being more efficient.
October 13, 2025 at 3:20 PM
These include:
- SSO
- SSO-admin, which oddly uses arn:aws:trebuchet:::
- controlcatalog
- trustedadvisor
- route53 healthcheck
- Multi-party Approval qualified policies, which just ignores the arn format entirely with a 64 digit "partition". github.com/boto/botocor...
September 24, 2025 at 4:17 PM
Reposted by Scott Piper
Check out the full schedule here: fwdcloudsec.org/conference/...
Not in Berlin? No worries, you can join us live on YouTube: www.youtube.com/live/-a9Ts7...
It's going to be a packed day of sharp insights and real-world lessons for cloud security l33ts.
fwd:cloudsec Europe 2025 - Day 1
Full schedule: https://fwdcloudsec.org/conference/north-america/schedule.html
Join the conversation on Slack: https://fwdcloudsec.org/forum/
www.youtube.com
September 15, 2025 at 4:40 AM
This is seen in:
- the Amazon Q Developer extension compromise
- s1ngularity
- LameHug
- PromptLock ransomware
AI safeguards and non-determinism have limited the impact in some of these cases, but you can directly observe the iterations to improve in s1ngularity: www.wiz.io/blog/s1ngula...
2/2
s1ngularity's aftermath: analysis of Nx supply chain attack | Wiz Blog
Investigating the role and performance of AI, total impact, and novel TTPs in the s1ngularity Nx supply chain attack
www.wiz.io
September 3, 2025 at 6:00 PM
Thank you for sharing. At fwd:cloudsec this year, we also provided transparency into our finances and many other things in our State of the Union address. We similarly pay way too much on food and coffee, but it is somewhat due to how US hotels charge.
www.youtube.com/watch?v=PH6w...
August 17, 2025 at 12:33 PM