Casting Light on Shadow Cloud Deployments
Brittney Argirakis, Chapin Bryce
ShmooCon XX (Final) · Day 2 · Build It
In an era of rapid cloud adoption, organizations frequently grapple with the unforeseen security risks posed by unmanaged and unmonitored cloud resources. This talk, "Casting Light on Shadow Cloud Deployments," delivered by incident response experts Brittney Argirakis and Chapin Bryce at ShmooCon 2025, addresses the critical issue of **shadow cloud infrastructure** – cloud assets spun up outside of official security and governance processes, often becoming prime targets for initial access by threat actors. The speakers highlight how these forgotten or overlooked deployments, ranging from simple proof-of-concept (PoC) instances to test environments, can lead to severe breaches, including ransomware and cryptojacking.
AI review
The speakers, drawing from extensive IR experience, presented "luminat," a practical open-source tool designed to quickly identify and triage shadow cloud deployments. By integrating both internal cloud API calls (AWS) and external scanning (Nmap, WhatWeb, Shodan), luminat provides a comprehensive view of exposed resources, their context, and potential vulnerabilities. This tool directly addresses a pervasive problem, offering incident responders and smaller organizations a much-needed capability for rapid assessment and reporting, which is a significant contribution to immediate operational…