Building the Cross-Cloud Kill Chain: A DE's Playbook for AWS, Azure & GCP Detections

Gowthamaraj

Cloud Village @ DEF CON 33 · Day 1

In an era where enterprises increasingly adopt **multi-cloud strategies**, securing diverse cloud environments has become a paramount challenge for defenders. This talk by Gowthamaraj, a Threat Detection Engineer at Meta, delves into the intricacies of building robust detection mechanisms against sophisticated **cross-cloud kill chains**. It highlights how attackers perceive and exploit the integrated, yet often disparate, nature of multi-cloud deployments, moving seamlessly between platforms such as AWS, Azure, and GCP. The core premise is that the traditional, siloed approach to cloud security is no longer sufficient; a unified, contextual, and automated defense strategy is imperative.

AI review

Competent practitioner talk from someone who clearly does this work at Meta, covering cross-cloud kill chains with reasonable technical specificity — the AiTM → Entra ID → SAML abuse → S3 TF state pivot scenario is well-constructed and grounded. Nothing here will surprise experienced cloud defenders, but the KQL correlation examples and the six-step defensive framework give junior-to-mid detection engineers something concrete to take home.
