Links
This article examines how attackers can exploit log data in cloud environments for enumeration and intelligence gathering. It discusses the types of logs generated by major cloud providers like AWS, Azure, and GCP, and highlights the importance of rethinking log access to enhance security. Practical mitigation strategies for defenders are also presented.
This article discusses findings from the 2025 State of Cloud Security study, highlighting issues like the risks of long-lived credentials and the importance of using AWS Organizations for better security management. It also offers recommendations for improving security postures in cloud environments.
A recent AWS report identifies major security issues in cloud systems, with human errors and operational misconfigurations leading to data breaches. Despite widespread cloud adoption, concerns about cybersecurity and integration challenges persist among businesses. The report underscores the need for organizations to address these vulnerabilities as they transition to cloud-based solutions.
This article details a cloud attack where a threat actor gained administrative access to an AWS environment in under 10 minutes, utilizing stolen credentials from public S3 buckets. The attacker leveraged large language models to automate tasks such as reconnaissance and malicious code generation, ultimately compromising multiple AWS principals.
This article outlines Sumo Logic's cloud security features for AWS, emphasizing real-time monitoring and AI-driven incident response. It invites readers to sign up for a demo and offers insights into improving security operations.
The author shares their experience of having their AWS account hacked, detailing how the attacker gained access, the immediate steps taken to regain control, and the lessons learned about cloud security. They emphasize the importance of proper security measures and the mindset needed to prevent such incidents.
The article provides insights into effective AWS policies and where to locate them, focusing on best practices for managing permissions and access in cloud environments. It emphasizes the importance of tailored and secure policies to enhance operational efficiency and security compliance.
Intrusion Shield for AWS offers an automated cloud firewall that utilizes decades of threat intelligence to block risky network traffic without the need for manual rule management. It analyzes all network traffic in real-time, generates firewall rules, and provides prioritized recommendations for addressing security risks. Available on AWS Marketplace, it simplifies security for lean teams by minimizing alerts and streamlining threat management.
Shield Cloud is a software-based firewall gateway for AWS environments that utilizes Intrusion Applied Threat Intelligence to dynamically generate firewall rules and block malicious traffic. It offers centralized policy management through the Intrusion Command Hub and supports stateful firewall functionality and Zero Trust architecture for enhanced VPC security. With automated updates and detailed reporting, Shield Cloud simplifies compliance and operational management for cloud resources.
AWS detection engineering practices were critically assessed after a breach simulation revealed undetected attacker persistence. The team rebuilt their detection capabilities by focusing on key log sources like CloudTrail, VPC Flow Logs, and GuardDuty, emphasizing the importance of correlation across these sources for effective threat detection.
Preparing for cloud incidents requires a strategic approach to logging across major cloud providers. This article ranks essential logs for Microsoft, AWS, and Google Cloud, providing insights on their criticality for detecting and responding to security incidents, as well as real-life case studies illustrating their importance. Ensuring the right logs are enabled and retained is vital for effective incident response.
Cloud Snitch is a powerful tool designed to enhance your understanding of AWS account activity, providing an intuitive interface for exploring and documenting AWS principals, IP addresses, and network activity. It helps users quickly identify errors and suspicious behavior, while also allowing for the generation and management of service control policies to enforce security compliance. Open-sourced under the MIT license, it can be deployed easily or used through cloudsnitch.io.
The offering includes a free 15-day trial of Palo Alto Networks' VM-Series Virtual Firewall, providing advanced security features to protect AWS workloads from various threats such as malware and phishing. It supports seamless integration with AWS environments and offers automated policy management, enhanced threat prevention, and easy deployment through the AWS platform.