Christophe Tafani-Dereeper

The New PKCE Authentication in AWS SSO Brings Hope (Mostly)

Stop worrying about ‘allowPrivilegeEscalation’

IMDSv2 enforcement: coming to a region near you!

Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB

A Tribute to Hadrien Milano

MitM at the Edge: Abusing Cloudflare Workers

Introducing Stratus Red Team, an Adversary Emulation Tool for the Cloud

Implementing a Vulnerable AWS DevOps Environment as a CloudGoat Scenario

Cloud Security Breaches and Vulnerabilities: 2021 in Review

Phishing for AWS credentials via AWS SSO device code authentication (updated 2024)