Dealing with Storage Data Logs in the Cloud: A Hidden Challenge

Maayan Bentor, Zoe Rabi

fwd:cloudsec Europe 2025 · Day 1 · Main Room

Maayan Bentor and Zoe Rabi, cloud security researchers at Wiz, delivered a comprehensive cross-cloud analysis of storage data logging — the high-volume, often-neglected logs that are essential for detecting and investigating data exfiltration, ransomware, and storage-level attacks. Walking through real-world attack scenarios across **GCP**, **Azure**, and **AWS**, they demonstrated how attackers exploit storage services and what forensic evidence is (and is not) available in data-plane logs. The talk covered GCP bucket exfiltration via copy operations, Azure blob storage attacks leveraging anonymous access and **SAS tokens**, and AWS S3 ransomware using **SSE-C** encryption and mass deletion — all with detailed log analysis showing defenders exactly what to look for.

AI review

A practical, well-organized cross-cloud forensics talk that systematically catalogs storage data-plane logging capabilities, blind spots, and detection patterns across GCP, Azure, and AWS. The real-world attack scenarios are realistic and the log-level analysis provides genuinely useful detection content. However, the talk is fundamentally a blue-team logging guide rather than novel security research — the attacks themselves are known techniques, and the value lies in the forensic detail rather than new discoveries.
