💥 A New Dawn: Attack-as-Code | Attack Scheduler 🤺
These new features would change your cloud security game FOREVER.

These features streamline the adoption of Continuous Threat Exposure Management, mature Detection Engineering functions & supercharge SOC teams. Details 👉 mitigant.io/en/blog/feat...

DIY — Building a Cost-Effective Questionnaire Automation with Bedrock Security questionnaires are very common today. When customers consider your product, especially if you’re a startup, they often ask for…

I built a PoC using Amazon Bedrock to automate security questionnaires. A centralized, secure knowledge base + zero cost when idle makes it perfect for occasional use. medium.com/@adan.alvare...

Demystifying Amazon Bedrock LLMJacking Attacks | Mitigant LLMJacking attacks are increasingly targeting GenAI workloads on Amazon Bedrock. Cybercriminals illegally gain access to Large Language Models during LLMJacking attacks and resell this access via chat...

These logs are essential for understanding attacks that target models, such as LLMJacking. This level of understanding is imperative for preventing, detecting, and responding to such attacks and other forms of abuse.

See some details about LLMJacking here -> mitigant.io/de/blog/demy...

These include model input/output data with important details like event timestamps, request IDs, model IDs, token usage, and all the cool stuff that often determine whether an attacker gets in successfully or is frustrated away! ☠️

⚡ Bedrock Security: Model Invocation Logs + CloudWatch 💥

Several Bedrock events are available in Cloudtrail, but model-level events aren't.

Leverage model invocation logs to breach this visibility gap. These logs contain critical information for security auditing, abuse detection, etc

🔍 WTF is Detection Engineering Maturity 🔎

Do you want to build a DE fxn from the ground up, or mature the fxn, or know what's up with this DE thing? 🤔
👉 Check out the Detection Engineering Maturity Matrix-> detectionengineering.io
#detectionengineering #securityoperations #cloudsecurity

⚡Making Security Agile: Attack-as-Code⚡

Security validation should be easy, repeatable, consistent & versioned. Enter Attack-as-Code!

👉 Detection engineering use cases -> mitigant.io/en/blog/clou...

#RedTeam #PurpleTeam #securityoperations #awssecurity #threathunting #blueteam #threatdetection

🤺 Beyond SSRF: When SSM Agents Go Rogue 🐞

💥 Okay, we love SSM Agents! They are great tools for managing EC2 Instances at scale. However, if attackers abuse them, they could become pain points.

🤔 So what can go wrong?

Check it out -> mitigant.io/en/blog/leve...