Security Runners

I'm excited to share my latest Security Runners blog: "Stop Using Predictable Bucket Names: A Failed Attempt at Hacking Satellites" ??? ?? Key findings: ??? Discovered AWS service buckets with region numbers up to us-east-15 ??? A look into AWS Ground Station package bucket ??? Comprehensive list of predictable AWS service bucket patterns ??? Failed attempt at intercepting satellite communications ?? Please check your buckets internally for namesquatting issues, this is a known industry wide issue that is not getting enough attention. ?? Blog: https://lnkd.in/gx77kUZS ?? Bluesky: https://lnkd.in/gCaZM4HA ?? Website: https://securityrunners.io #AWS #cybersecurity

I’m excited to share my latest blog post on Security Runners, titled "Beyond RCE: Autonomous Code Execution in Agentic AI," where I dive into how agentic AI systems can be influenced to perform unintended actions through prompt injection and phishing techniques, uncovering both the potential and risks of autonomous AI behavior. ?? How prompt injection can influence agentic AI systems in unexpected ways ?? Real-world experiments in prompt and control injection ?? A candid look at AI's readiness and the need for guardrails ?? Read more: https://lnkd.in/gg6zp5Wh ?? Visit Security Runners: https://securityrunners.io ?? Follow my Linkedin Page: Security Runners #cybersecurity #AI #Anthropic

No one asked, yet you shall receive! Here is the forked version of Jonathan W.'s Github repo - tuned for Google Cloud Security documentation. Happy Hunting ?? https://lnkd.in/g8B2UNBm

I'm thrilled to announce the launch of my new blog at Security Runners! ?? "Turning AWS Documentation into Gold: AI-Assisted Security Research". It’s a deep dive into how I’ve been using AWS Bedrock to enhance my security research, images that will make any cloud historian fascinated, and uncovering some really interesting security findings along the way. ?? What you'll find: - How I scrapped 150,000+ pages of AWS documentation for security research. - Building custom knowledge bases with AWS Bedrock for more accurate answers. - Highlights from my discoveries, like misconfigured assets and reserved S3 bucket prefixes. - Interesting AWS historical artifacts that will interest any long time AWS user Next week I will be launching a security chaos engineering weekly newsletter providing realistic capture the flag like scenarios, so be sure to subscribe! ?? Read the blog: https://lnkd.in/g9QtiFSt ?? See the open source tool https://lnkd.in/g-TmGKjB ?? Visit Security Runners: https://lnkd.in/g_RYJKFr #cloudsecurity #aws #AI #bedrock

I'm thrilled to share the first blog post from my bootstrapped security startup, Security Runners! ?? I just published an in-depth analysis on identifying gaps in AWS security observability tools, focusing on their gaps on identifying publicly accessible resources. ?? Blog Highlights: - Created every possible publicly accessible AWS resource to determine coverage? - Some AWS services prevent you from applying public resource policies in the console - A look into automated reasoning within AWS for publicly accessible resources - Real-world examples and insights from our extensive research and testing. If you’re concerned about your observability coverage in AWS, I strongly recommend giving this a read! ?? Read the blog: https://lnkd.in/grW-S9v4? ?? Visit our new site: https://lnkd.in/g7czxxNs? ?? Follow us on LinkedIn for more updates: https://lnkd.in/giqaMmvT