Sebastian Walla

161 posts

Sebastian Walla

@SebastianWalla

Did a Cybersecurity Bachelor and Master in Computer Science with a focus on Security. Deputy Manager - Cloud Threat Intelligence Opinion/Thoughts are my own.

Deutschland เข้าร่วม Temmuz 2011

618 กำลังติดตาม208 ผู้ติดตาม

Sebastian Walla รีทวีตแล้ว

Dirk-jan@_dirkjan·12 Mar

The next public edition of my "Offensive Entra ID" course will take place from June 8th to 11th in The Hague! Tickets are now available via events.outsidersecurity.nl/entra-26-07/. Last time the tickets sold out in a few weeks, so don't wait too long if you want to secure a spot.

English

9.5K

Sebastian Walla@SebastianWalla·19 Ara

@philvenables @JohnHultquist Will talks be recorded/live streamed similar to fwd:cloudsec?

English

Phil Venables@philvenables·17 Ara

I'm on the conference committee/review board for [un]prompted, a new AI security practitioner conference, happening on the 3rd-4th of March, in SF. Event focused on what actually works in AI security, from tools. strategy, to offense and defense. Submit a talk and/or sign up. unpromptedcon.org

English

5.9K

Sebastian Walla@SebastianWalla·18 Ağu

@sapirxfed @wiz_io I wish you a great time there, you surely are missed :)

English

255

sapir federovsky@sapirxfed·18 Ağu

Can't wait to feel at home here💙 @wiz_io

English

102

8.6K

Sebastian Walla@SebastianWalla·30 May

One thing I mentioned on the podcast that I will be speaking more about at @fwdcloudsec NA are trusted relationship compromises in the cloud: #when-your-partner-betrays-you" target="_blank" rel="nofollow noopener">fwdcloudsec.org/conference/nor… So come see my talk if you are interested and I heard there are still a few tickets available.

Sebastian Walla@SebastianWalla

Had a great time speaking about cloud-conscious threat actors with Cristian Rodriguez and Adam Meyers on the adversary universe podcast.

English

273

Sebastian Walla@SebastianWalla·30 May

Had a great time speaking about cloud-conscious threat actors with Cristian Rodriguez and Adam Meyers on the adversary universe podcast.

CrowdStrike@CrowdStrike

SCATTERED SPIDER is using tools like Azure Runbooks and Cloud Shells to move silently through victim environments. No malware, just access. Sebastian Walla joins Adversary Universe to break down modern cloud intrusions and how to stop them. 🎥 YouTube: crwdstr.ke/6013N2f1F

English

454

Sebastian Walla รีทวีตแล้ว

RE//verse@REverseConf·24 May

Don’t miss Cindy Xiao’s talk on Reconstructing Rust Types from RE//verse 2025 if you’re dealing with Rust in your day to day. It’s one worth adding to your watchlist: youtu.be/SGLX7g2a-gw?fe…

YouTube

English

5.6K

Sebastian Walla รีทวีตแล้ว

Scott Piper@0xdabbad00·9 Nis

The CFP for fwd:cloudsec closes this Friday (11:59 pm Mountain Daylight Time)! This is a conference for practitioners, which means that if you work in cloud security, you have something to say that we're interested in! fwdcloudsec.org/conference/nor…

English

1.8K

Sebastian Walla@SebastianWalla·22 Eyl

Had a great time presenting an overview of the most prevalent techniques of cloud-conscious cases at @fwdcloudsec's very first EU edition. The organizers did a great job! It felt just like the US version and was excellent to catch up and meet new people

English

340

Sebastian Walla@SebastianWalla·5 Ağu

Looking forward to present at fwd:cloudsec EU (@fwdcloudsec) and sharing some of the TTPs that we observe from cloud-conscious actors: pretalx.com/fwd-cloudsec-e…

English

346

Sebastian Walla@SebastianWalla·5 Nis

@fwdcloudsec Is there a link for where we can buy the tickets?

English

fwd:cloudsec@fwdcloudsec·4 Nis

Ticket sales for fwd:cloudsec Europe will open up in a few days! Tickets are (very) limited, mark your calendars for next Monday at 9:00 and 19:00 CEST, we’ll release the tickets in two batches.

English

3.7K

Sebastian Walla@SebastianWalla·15 Mar

@AmitaiCo @christophetd @jason_trost I think that is because a majority of the container focused threat intelligence in open source is based on honeypot data, which exposes the Docker API for initial access.

English

Amitai Cohen@AmitaiCo·14 Mar

@christophetd Good point - now that I think about it, all the in-the-wild examples I'm familiar with have an exposed API server as their initial access point... btw as @jason_trost mentioned the Cloud SQL issue, there was a similar issue in Alibaba (cloudvulndb.org/brokensesame).

English

106

Christophe Tafani-Dereeper@christophetd·14 Mar

Are container escape vulnerabilities actually a thing in the wild? I've only be able to find weak evidence of exploitation of the CVE-2019-5736 vulnerability in runC, but that's all.

English

9.8K

Sebastian Walla@SebastianWalla·15 Mar

@christophetd Tl;Dr We very rarely observe exploitation. This might be a visibility problem as fewer people are monitoring their hosts and containers using runtime protection as well as the short live of containers, which could mean the container is gone before incident response arrives.

English

Sebastian Walla รีทวีตแล้ว

fwd:cloudsec@fwdcloudsec·15 Oca

We’re excited to announce the European version of the conference: fwd:cloudsec Europe! It will take place on the 17th of September 2024 in Brussels, Belgium. CFP and registration will open in Spring, stay tuned!

English

22.7K

Sebastian Walla รีทวีตแล้ว

Karim El-Melhaoui@karimscloud·15 Oca

I'm thrilled to announce that we're bringing the @fwdcloudsec experience to Europe. We can only achieve this with the help of our community. I hope to see some of you there! Thanks to everyone who has made this possible.

fwd:cloudsec@fwdcloudsec

English

1.3K

Sebastian Walla@SebastianWalla·12 Oca

I only had to modify the number of base32 decoded characters to truncate after 16 chars (following the 4 char prefix) i.e. b32decode(aws_id[4:20])

English

172

Sebastian Walla@SebastianWalla·12 Oca

Thanks to the recent @trufflesec interview with @TalBeerySec I came across his post to derive AWS account ids from AWS key ids: @TalBeerySec/a-short-note-on-aws-key-id-f88cc4317489" target="_blank" rel="nofollow noopener">medium.com/@TalBeerySec/a… Not sure if every reader knew this but his algorithm also works for other AWS IDs. I tested AGPA,AIDA,AIPA,AKIA,ANPA,AROA,ASIA

English

2.9K

Sebastian Walla@SebastianWalla·10 Oca

Then this position for a colleague in the ART team might be something for you: crowdstrike.wd5.myworkdayjobs.com/en-US/crowdstr… (7/7)

English

Sebastian Walla@SebastianWalla·10 Oca

Are you not interested in analyzing/documenting cloud-conscious threat actor activities but would rather help catch them via honeypots and search/reproduce vulnerabilities at cloud service providers? (6/7)

English

Sebastian Walla@SebastianWalla·10 Oca

we will consider candidates from all regions where we can hire. I myself am based in Europe. #cloudsecurity #cloud #threatintel #hiring #aws #azure #gcp #remotework #remote (5/7)

English

Sebastian Walla@SebastianWalla·10 Oca

We at CrowdStrike are looking for a highly technical colleague that helps me study threats to the cloud! crowdstrike.wd5.myworkdayjobs.com/en-US/crowdstr… (1/7)

English

116

Sebastian Walla@SebastianWalla·10 Oca

feel free to reach out to me via direct message. Note that I’m not the hiring manager. We had to specify a region for our hiring portal which is why it states USA-/Canada-Remote. While this would be ideal to increase our window of coverage, (4/7)

English

Sebastian Walla@SebastianWalla·10 Oca

Together we would be the first to analyze cloud activity logs to discover and document new techniques such as persistence via identity federation (cisa.gov/news-events/cy…). If you have any questions, (3/7)

English

ค้นพบ

@philvenables @JohnHultquist @sapirxfed @wiz_io @fwdcloudsec @AmitaiCo @christophetd @jason_trost