fwd:cloudsec North America 2025
A practitioner-driven cloud security conference featuring offensive research, defensive operations, and governance across AWS, Azure, GCP, and beyond.
- Introduction
The opening session of **fwd:cloudsec North America 2025** sets the stage for the conference under this year's theme: **"Living on the Edge."** Delivered by the conference organizers in Denver…
- whoAMI: Discovering and exploiting a large-scale AMI name confusion attack — Seth Art
Seth Art, a security researcher at Datadog with 15 years of penetration testing experience, presents a comprehensive examination of the **whoAMI** attack, a name confusion vulnerability affecting…
- Detecting the Undetectable: Threat Hunting in Appliance Environments — Sagi Tzadik, Shahar Dorfman
Sagi Tzadik and Shahar Dorfman, security researchers at **Wiz**, present a methodology for hunting sophisticated malware in **virtual appliance environments** in the cloud. Virtual appliances --…
- Putting Workload Identity to Work: Taking SPIFFE past day 0 — Dave Sudia
Dave Sudia, a former platform engineer, delivers a lightning talk on moving **SPIFFE (Secure Production Identity Framework for Everyone)** from proof of concept to production at scale. SPIFFE is a…
- The Good, The Bad, and The Vulnerable: Breaking Down GCP Tenant Projects — Ofir Balassiano, Ofir Shaty
Ofir Balassiano and Ofir Shaty, security researchers at **Palo Alto Networks**, present a deep investigation into **GCP tenant projects** -- hidden, Google-managed projects that are provisioned…
- Inside Microsoft's Battle Against Cloud-Enabled Deepfake Threats — Alessandro Brucato, Stefano Chierici
Alessandro Brucato and Stefano Chierici present an investigation into how attackers abuse stolen cloud API credentials to generate deepfakes at scale, connecting the dots between **LLMjacking**…
- IAM Roles Anywhere – now for everyone with Let's Encrypt — Dhruv Ahuja
Dhruv Ahuja presents a clever, practical approach to using **AWS IAM Roles Anywhere** with free **Let's Encrypt** certificates as a PKI, eliminating the need for expensive private certificate…
- Rebuilding ROADRecon for the Modern Entra Environment — Thomas Byrne
Thomas Byrne, a security consultant at Reverse, presents the work required to rebuild **ROADRecon** -- a widely used Python tool for enumerating Microsoft Entra ID (formerly Azure AD) tenants -- in…
- Defenders hate it! Compromise vulnerable SaaS applications with this one weird trick — Eric Woodruff
Eric Woodruff, Chief Identity Architect at Semperis, presents a deep investigation into **nOAuth** -- a two-year-old vulnerability class in applications using **OpenID Connect (OIDC)** with…
- Data Perimeter Implementation Strategies: Lessons Learned Rolling Out SCPs/RCPs — Agnel Amodia, Ben Joyce
Agnel Amodia and Ben Joyce from Vanguard presented a detailed account of how one of the world's largest investment management companies implemented a comprehensive **data perimeter program** across…
- Securing Remote MCP Servers — Jake Berkowsky
Jake Berkowsky, a principal architect and field CTO at Snowflake, delivered a pragmatic briefing on the security challenges of **Model Context Protocol (MCP)** servers -- the emerging standard for…
- Not So Secret: The Hidden Risks of GitHub Actions Secrets — Amiran Alavidze
Amiran Alavidze, Director of Security Engineering at Zello, delivered a sharp and demo-driven talk exposing a fundamental weakness in **GitHub Actions secrets**: any user with write access to a…
- Patience brings prey: lessons learned from a year of threat hunting in the cloud — Greg Foss, Anthony Randazzo
Greg Foss and Anthony Randazzo from Datadog's product detection engineering team presented a year-in-review of their cloud threat hunting program, sharing operational methodology, two detailed case…
- Happy Little Clouds: Painting Pictures with Microsoft Cloud and Identity Data — Matt Graeber
Matt Graeber, a threat researcher at Red Canary and the person who co-coined the term **"living off the land"** at DerbyCon years ago, delivered a methodical and deeply technical talk on how to…
- Inviter Threat: Managing Security in a new Cloud Deployment Model — Meg Ashby
Meg Ashby, from the late-stage fintech compliance startup Alloy based in New York City, returned to fwd:cloudsec for her second year to present on the security challenges of **Bring Your Own Cloud…
- Trust Issues: What Do All these JSON files actually mean? — David Kerber
David Kerber, an AWS consultant and self-described IAM obsessive, presented a suite of open-source tools he built to solve what he calls the fundamental problem of cloud security: **AWS IAM is the…
- No IP, No Problem: Exfiltrating Data Behind IAP — Ariel Kalman
Ariel Kalman, a senior security researcher at Mitiga, presented a novel data exfiltration technique that abuses Google Cloud Platform's **Identity-Aware Proxy (IAP)** to smuggle secrets out of…
- Beyond the Big Three: Mastering Oracle Cloud Security in a Multi-Cloud World — Dani Kaganovitch
Dani Kaganovitch, a product manager at Rock Steady, presented an introduction to **Oracle Cloud Infrastructure (OCI)** security for practitioners accustomed to AWS, Azure, and GCP. With Fortune 100…
- I Didn't Register for This: What's Really in Google's Artifact Registry? — Moshe Bernstein
Moshe Bernstein, a cloud vulnerability researcher at Tenable Cloud Security, presented the results of a large-scale security audit of container images hosted on Google's **Artifact Registry**. The…
- ECS-cape – Hijacking IAM Privileges in Amazon ECS — Naor Haziz
Naor Haziz, a software developer and security researcher at Sweet Security, presented a vulnerability he discovered in **Amazon ECS** (Elastic Container Service) that allows any container running on…
- Staying Sneaky in the Office (365) — Christian Philipov
Christian Philipov, a principal security consultant at WithSecure (formerly F-Secure), presented research into lesser-known SharePoint APIs that enable offensive operations while evading Microsoft's…
- Farewell False Positives: Building Trustworthy AI for IaC Analysis — Emily Choi-Greene
Emily Choi-Greene, CEO and co-founder of Clearly AI, delivered a practitioner-focused talk on building reliable AI systems for analyzing **infrastructure as code (IaC)**. Rather than presenting new…
- Introducing GRC Engineering: A New Era of AWS Compliance — AJ Yawn
AJ Yawn, Director of GRC Engineering at Aquia and author of the "GRC Engineering for AWS" book, presented a passionate manifesto for transforming governance, risk, and compliance (GRC) from a…
- When Your Partner Betrays You - Trusted Relationship Compromise In The Cloud — Sebastian Walla
Sebastian Walla, a cloud threat intelligence analyst at CrowdStrike, presented two real-world case studies of **trusted relationship compromises** in Azure, both conducted by the China-nexus threat…
- The Good, the Bad, and the Ugly: Hacking 3 CSPs with 1 Vulnerability — Hillai Ben-Sasson, Andres Riancho
Andres Riancho and Hillai Ben-Sasson, security researchers at Wiz, presented research demonstrating how a single critical container escape vulnerability in **NVIDIA Container Toolkit** was used to…
- What Do You Mean, "Resource Not Found?" Demystifying GCP Error Codes for IR & Detections — Gabriel Fried
Gabriel Fried, a principal security researcher at Mitiga, presented a remote talk on leveraging **GCP error codes** as a detection and incident response signal. The central thesis is that security…
- Double Agents: Exposing Hidden Threats in AI Agent Platforms — Michael Katchinskiy, Hagai Kestenberg
Michael Katchinskiy and Hagai Kestenberg, security researchers from the **Microsoft Defender for Cloud Research** team, presented remote research into the security of AI agent-building platforms…
- Logs don't mean a thing: Unraveling IaC-Managed Identity Ownership — Dan Abramov, Eliav Livneh
Dan Abramov and Eliav Livneh, both security researchers at **Token Security**, presented a creative and entertaining exploration of a deceptively hard problem in cloud identity management…
- This Wasn't in the Job Description: Building a production-ready AWS environment from scratch — Mohit Gupta, Nick Jones
Nick Jones and Mohit Gupta, both security consultants (penetration testers) at **Reverse X** (formerly WithSecure Consulting), delivered an unusually candid account of building an entire production…
- The False Sense of Security: Defense Becoming a Vulnerability — Nathan Eades
Nathan Eades delivered a sharp critique of how **Privileged Identity Management (PIM)** and **Just-In-Time (JIT) access** in Microsoft Entra ID have created a false sense of security that often…
- Challenges implementing egress controls in a large AWS environment — Greg Aumann
Greg Aumann, a member of Block's cloud security team (previously on the product security engineering team managing the **Afterpay** AWS environment), presented a detailed and operationally honest…
- Shared-GPU Security Learnings from Fly.io — Matthew Braun
Matthew Braun, a security practitioner at **Fly.io**, presented a rare behind-the-scenes look at the security challenges of offering shared GPU compute to customers on a public cloud built on…
- What would you ask a crystal ball for AWS IAM? — Nick Siow
Nick Siow from Netflix's cloud security team presented the journey from a failed enterprise metrics initiative to the creation of **Yams**, a newly open-sourced IAM simulation engine designed to…
- Keeping your cloud environments secure during a merger or acquisition — Isaac Lepow
Isaac Lepow delivered a practitioner-focused walkthrough of the cloud security pitfalls that emerge during mergers and acquisitions, drawing from direct experience with three acquisitions at a…
- fwd:cloudsec State of the Conference 2025
The fwd:cloudsec organizing committee delivered their second-ever "State of the Union" address, updating the community on the health, finances, growth, and challenges facing the conference in its…
- You Are Not Netflix: How to learn from conference talks — Rami McCarthy
Rami McCarthy, a security researcher at **Wiz**, delivered a meta-talk about how security practitioners should critically evaluate conference presentations to extract genuine value rather than…
- I SPy: Rethinking Entra ID research for new paths to Global Admin — Katie Knowles
Katie Knowles, a cloud security researcher at Datadog, delivered a lightning talk dissecting the long and often frustrating history of **service principal hijacking** in Microsoft Entra ID (formerly…
- Challenges around AI-as-a-Service logging — Jeremy Snyder
Jeremy Snyder presented a detailed examination of the current state of logging for AI-as-a-Service offerings, focusing primarily on **Amazon Bedrock** but touching on broader challenges across cloud…
- Taming LLMs to Detect Anomalies in Cloud Audit Logs — Yigael Berger
Yigael Berger, Head of AI at Sweet Security, presented a practical method for fine-tuning **GPT-2** on cloud audit log data to build an anomaly detection engine that can distinguish routine DevOps…
- The Duplicitous Nature of AWS Identity and Access Management (IAM) — Jason Kao
Jason Kao, founder of Fog Security, delivered a methodical examination of **duplicate IAM permissions** in AWS -- cases where two or more distinct IAM permissions produce the same outcome or effect…
- Read Between The Logs: A New Vulnerability in Gemini Cloud Assist Proves the Threat is Real — Liv Matan
Liv Matan, a cloud vulnerability researcher on the **Tenable Cloud Security Research Team**, presented the discovery of a new attack class: **log poisoning to prompt injection** targeting…
- Bypassing AI Security Controls with Prompt Formatting — Nathan Kirk
Nathan Kirk, Director at NR Labs and co-author of a blog post with AWS, presented research on **prompt formatting** -- a technique for bypassing AI guardrails by instructing the model to format its…
- Securing organizations ML & LLMops deployments: A platform architect's journey onboarding LLM & MLops tools and securing multi-cloud data access — Kyler Middleton, Sai Gunaranjan
Kyler Middleton (Principal Developer for Internal AI Solutions) and Sai Gunaranjan (Lead Architect, Cloud Platform Team) from **Veradyne**, a U.S. healthcare company, delivered a dual-track…
- Breaking AI Agents: Exploiting Managed Prompt Templates to Take Over Amazon Bedrock Agents — Jay Chen, Royce Lu
Jay Chen, a security researcher at **Palo Alto Networks**, presented original attack research against **Amazon Bedrock Agents**, demonstrating a three-stage attack methodology -- reconnaissance…