Projects | Code

Date	Title	Notes
Aug 2025	DEFCON 33 Cloud Village CTF	Created Cloud Walker Challenge (AWS & Azure persistence and lateral movement)
Aug/Apr 2025	Storm-2372 Attack POC	Demo in RSA 2025, DEFCON 33 Cloud Village talks
Sep 2024	Cloud Tripwires POC	Related to DEF CON 32 Cloud Village talk
Aug 2024	DEFCON 32 Cloud Village CTF	Created Identity Quest Challenge (Azure Device Code Phishing, Sub-Tenant, SP Abuse)
Aug 2023	DEFCON 31 Cloud Village CTF	Created Source of Your Troubles (AWS Lambda Priv Esc) + Oldie But Goodie Challenges (IAM Versioning Priv Esc)
Aug 2021	OAuth Device Code Flow Phishing Attack POC	Demo in DEF CON 29 talk

Presentations | Conferences

Date	Conference	Venue	Slides	Video
Aug 2025	DEFCON 33	Cloud Village	Braving the Storm-2372: The Tempest Decoded	Youtube
Apr 2025	RSAC 2025	Main Stage	Keys to the Azure Kingdom: Detecting Service Principal Abuse	Youtube
Apr 2025	RSAC 2025	Main Stage	Canary in the Cloud Mine: Stealthy Tripwires to Detect Post-Breach Activity	Youtube
Apr 2025	RSAC 2025	Lab	Lab: Solving Capture-The-Flag Challenges in AWS, Azure, and GCP
Apr 2025	BSidesCharm 2025	Main Stage	Fight Stealth with Stealth: Detecting post-breach activity in the Cloud	Youtube
Aug 2024	DEFCON 32	Cloud Village	Cloud Tripwires Extended Deck	GDrive
Aug 2024	DEFCON 32	Cloud Village	Cloud Tripwires
Aug 2023	DEFCON 31	Cloud Village	SSO: Sloppy, Suspect, Vulnerable	Youtube
Apr 2023	RSAC 2023	Main Stage	The Dark Underbelly of 3rd-Party Application Access to Corporate Data	Youtube
Aug 2022	DEFCON 30	Cloud Village	OAuthsome Magic Tricks: Yet more OAuth abuse	Youtube
Jun 2022	RSAC 2022	Main Stage	Defending Against New Phishing Attacks that Abuse OAuth Authorization Flows	Youtube
Jun 2022	RSAC 2022	Lab	Lab: Advanced Discovery, Persistence, and Privilege Escalation in AWS, GCP, Azure
Aug 2021	DEFCON 29	Main Stage	New Phishing Attacks Exploiting OAuth Authorization Flows	Youtube
Dec 2020	BlackHat Europe 2020	Remote	IAM Concerned: OAuth Token Hijacking in Google Cloud	Youtube
Aug 2020	DEFCON 28	Cloud Village	GCP OAuth Token Hijacking	Youtube
Aug 2019	DEFCON 27	Cloud Village	Exploiting AWS Loopholes with Temporary Credentials

Papers | Reports

Date	Title	Publication \| Site	Type
Sep 2024	Effective C2 Beaconing Detection	Netskope	Whitepaper
Jul 2024	Cloud and Threat Report: AI Apps in the Enterprise	Netskope	Report
May 2024	Analysing and managing risk from third-party OAuth application access	Cyber Security: A Peer-Reviewed Journal, Volume 7 (2023-24), Henry Stewart Publications	Peer‑Review

Blogs

Date	Title	Site
Dec 02 2021	Over-Privileged Service Accounts Create Escalation of Privileges and Lateral Movement in Google Cloud	Netskope
Sep 23 2021	A Real-World Look at AWS Best Practices: Logging	Netskope
Sep 14 2021	Who Do You Trust? Challenges with OAuth Application Identity	Netskope
Sep 07 2021	A Real-World Look at AWS Best Practices: Networking	Netskope
Aug 24 2021	A Real-World Look at AWS Best Practices: Storage	Netskope
Aug 12 2021	New Phishing Attacks Exploiting OAuth Authorization Flows (Part 3)	Netskope
Aug 10 2021	New Phishing Attacks Exploiting OAuth Authorization Flows (Part 2)	Netskope
Aug 10 2021	New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1)	Netskope
Jun 15 2021	Who Do You Trust? OAuth Client Application Trends	Netskope
Jun 08 2021	Operationalizing IP Allow Lists for Cloud Environments	Netskope
Jun 03 2021	A Real-World Look at AWS Best Practices: Password Policies	Netskope
May 19 2021	A Real-World Look at AWS Best Practices: IAM Policies	Netskope
May 06 2021	A Real-World Look at AWS Best Practices: IAM User Accounts	Netskope
Apr 22 2021	A Real-World Look at AWS Best Practices: Root Accounts	Netskope
Feb 16 2021	The Root of Your AWS Insecurities	Netskope
Oct 06 2020	It’s All About Access: Remote Access Statistics for Public Cloud Workloads	Netskope
Aug 25 2020	GCP OAuth Token Hijacking in Google Cloud—Part 2	Netskope
Aug 07 2020	GCP OAuth Token Hijacking in Google Cloud – Part 1	Netskope
May 06 2020	AWS: Improve CloudTrail Logging for Assumed Role	Netskope
Jan 31 2020	MITRE Att&ck View: Securing AWS Temporary Tokens	Netskope
Jan 29 2020	Applying MITRE Att&ck	Netskope
Nov 05 2019	MITRE ATT&CK Cloud Techniques	Netskope
Aug 10 2019	Securing AWS Temporary Tokens	Netskope
Jul 30 2019	AWS S3 Logjam: Server Access Logging vs. Object-Level Logging	Netskope

Miscellaneous

Date	Title	Organization
Jan 22 2024	Interview: Guardians of the Internet: Cybersecurity for Business Leaders	Radio BFM 89.9, Kuala Lumpur, Malaysia, Richard Bradbury

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Projects | Code

Presentations | Conferences

Papers | Reports

Blogs

Miscellaneous

About

Uh oh!

Releases

Packages

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 67 Commits
defcon33_cloud_village		defcon33_cloud_village
rsac2025		rsac2025
CLS-T02_Canary_Cloud_Mine.pdf		CLS-T02_Canary_Cloud_Mine.pdf
Charm_Fight_Stealth_With_Stealth.pdf		Charm_Fight_Stealth_With_Stealth.pdf
CloudTripwires_v3_slides.pdf		CloudTripwires_v3_slides.pdf
CyberSecurity_3rdPartyAppRisk_Hwong_20231102.pdf		CyberSecurity_3rdPartyAppRisk_Hwong_20231102.pdf
DEFCON_27_Cloud_Village_Exploiting_AWS_Loopholes_With_Temporary_Credentials_Jenko_Hwong.pdf		DEFCON_27_Cloud_Village_Exploiting_AWS_Loopholes_With_Temporary_Credentials_Jenko_Hwong.pdf
DEFCON_28_Cloud_Village_GCP_OAuth_Token_Hijacking_Jenko_Hwong.pdf		DEFCON_28_Cloud_Village_GCP_OAuth_Token_Hijacking_Jenko_Hwong.pdf
DEFCON_29_New_Phishing_Attacks_Exploiting_OAuth_Authorization_Flows_Jenko_Hwong.pdf		DEFCON_29_New_Phishing_Attacks_Exploiting_OAuth_Authorization_Flows_Jenko_Hwong.pdf
DEFCON_30_Cloud_Village_Oauthsome_Magic_Jenko_Hwong.pdf		DEFCON_30_Cloud_Village_Oauthsome_Magic_Jenko_Hwong.pdf
DEFCON_31_Cloud_Village_SSO_Sloppy_Suspect_Vulnerable_Jenko_Hwong.pdf		DEFCON_31_Cloud_Village_SSO_Sloppy_Suspect_Vulnerable_Jenko_Hwong.pdf
DEFCON_32_Cloud_Village_Cloud_Tripwires_Jenko_Hwong.pdf		DEFCON_32_Cloud_Village_Cloud_Tripwires_Jenko_Hwong.pdf
HT-M03_Keys_Azure_Kingdom_Service_Principals.pdf		HT-M03_Keys_Azure_Kingdom_Service_Principals.pdf
IDY-RO2_Defending_Against_New_Phishing_Attacks_that_Abuse_OAuth_Authorization_Flows.pdf		IDY-RO2_Defending_Against_New_Phishing_Attacks_that_Abuse_OAuth_Authorization_Flows.pdf
IDY-T01-The_Dark_Underbelly_of_3rd-Party_Application_Access_to_Corporate_Data_Final.pdf		IDY-T01-The_Dark_Underbelly_of_3rd-Party_Application_Access_to_Corporate_Data_Final.pdf
README.md		README.md
eu-20-Hwong-IAM-Concerned-OAuth-Token-Hijacking-In-Google-Cloud-GCP.pdf		eu-20-Hwong-IAM-Concerned-OAuth-Token-Hijacking-In-Google-Cloud-GCP.pdf

edleft/content

Folders and files

Latest commit

History

Repository files navigation

Projects | Code

Presentations | Conferences

Papers | Reports

Blogs

Miscellaneous

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages