My first bounty
Posts by Karim El-Melhaoui
Waiting… 🥲
I find it hard to believe that AWS charges me for having hourly data of costs in my AWS environment.
You'd also have to first elevate yourself in order to remove another principal. It's interesting how a Global Admin has an invisible access to the Root scope.
If you were to remove any of the users previously, it had to be done through the REST API, as the permission is inherited on the Tenant Root Group visible in the portal
You can now see users that have triggered the Elevated Access toggle in Azure.
A simple bypass is to immediately assign the principal the same permissions at the top level management group, Tenant Root Group (tenant ID) rather than the Root scope ("/").
I still think this is an important feature.
Finally read and implemented the AWS Delegated Management - @scottpiper.bsky.social’s article hits the nail on challenges - we built and maintained an internal API to access this information for automation purposes, which I would do again if it wasn’t for this feature www.wiz.io/blog/use-cas...
We’re also happy to announce our Europe scholarship program. Through this initiative, we hope to give a limited number of students or those looking to make a career change a chance to attend the conference, through a complimentary ticket and a stipend to cover travel expenses.
Ticket sales for fwd:cloudsec Europe 2025 go live on April 22nd, first batch at 9 AM CET and a second batch at 7 PM CET. Tickets are sold through Swoogo, link at fwdcloudsec.org/conference/e...
GitHub has released an unofficial tool to audit GitHub Actions
Released after the Changed-Files debacle
github.com/github/audit...
Cloudy at Fløtatind, Sunndal
or the common "hey how are you" to derail conversation before it has even started
Thanks for sharing! Had this discussion over a few beers with a TAM yesterday that had heard of similar cases
The only liberation we’ve experienced through the past week is the liberation of our savings
What happens if a lambda that puts an event to an S3 triggers on the same S3… I can’t afford to find out
Messed up an entire GCP org trying to clean up inheritance using google_organization_iam_policy rather than binding.
Will never know what random internal service accounts were assigned a hopefully not critical role.
It's happening again! We're looking for sponsors that will help support this year's European conference 🤝
Is there any way to generate an SBOM that describes github actions and their transitive dependencies? Ref tj-actions. I feel like this should be a thing
Given this is the second time I look into an AWS Solutions product and find something interesting, with no AppSec background - I have a strong feeling there's more to be found.
Stumbled upon the Serverless Image Handler while looking into AWS Solutions: www.o3c.no/knowledge/ab...
I'll be in Singapore at that time, but for those lucky enough to make it - ENJOY and hope to see you next year or in Europe this Fall (TBA).
Rather than maintaining a poorly written niche tool, we hope that the functionality will be adopted by more prevalent and widely adopted tools such as BloodHound or commercial offerings such as Wiz Code.
Last week, we presented our latest research into Azure and OIDC where we also released our latest tool for mapping attack paths between Azure and GitHub
www.o3c.no/knowledge/to...
The CFP for the best cloud security conference on earth is now open! If you'd like your research to be presented alongside the cutting edge of the industry, this is your opportunity!
fwdcloudsec.org/conference/n...
I'll give this a go as well. Thanks for sharing!
Congrats, great addition to the Wiz team and now you have a reason to visit us in Norway
AWS just renamed the Serverless Image Handler solution to Dynamic Image Transformation for Amazon CloudFront
aws.amazon.com/solutions/im...
Starting the new year above the clouds