LightNews
christophetd.fr
Christophe Tafani-Dereeper
@christophetd.fr
1.5K followers 120 following 80 posts
Cloud and container security • Security research and open source at Datadog 🇨🇭🇫🇷 https://christophetd.fr
christophetd.fr
Posts Media Videos Starter Packs
Pinned
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Nov 18
Welcome to everyone joining Bluesky!

👋 I'm working as a cloud security researcher at Datadog and I write about cloud security, container security and related open-source projects.

Personal blog: blog.christophetd.fr
OSS work: github.com/christophetd/
Talks: christophetd.fr#:~:text=Wind...
Christophe Tafani-Dereeper
Personal tech and security blog about things I like, use, dislike and misuse.
blog.christophetd.fr
20
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · 1d
If you're in cloud security, do have a look at this piece of research I've been working on! Feedback / thoughts welcome
securitylabs.datadoghq.com
Datadog Security Labs @securitylabs.datadoghq.com · 1d
Our State of Cloud Security 2025 study is out!

www.datadoghq.com/state-of-clo...

• On AWS, 40% of organizations leverage data perimeters
• 11% of Google Cloud GKE and 23% of Google Cloud VMs are overprivileged
• On Azure, 1.3% of storage containers are public, 58% proactively block public access
State of Cloud Security | Datadog
For our 2025 report, we analyzed AWS, Google Cloud, and Azure data from thousands of organizations to understand the latest trends in cloud security posture.
www.datadoghq.com
1 5
Reposted by Christophe Tafani-Dereeper
metalhearf.fr
Metalhearf @metalhearf.fr · 14d
The EU is advancing legislation requiring all messaging platforms to scan private messages, even in encrypted apps like Signal/WhatsApp/Telegram.

600+ security researchers oppose ChatControl for being technically flawed.

Learn more about it 👉 metalhearf.fr/posts/chatco...

#ChatControl #privacy
ChatControl wants to scan all your private messages
The EU is pushing legislation that would scan all our private messages, even in encrypted apps.
metalhearf.fr
1 4 6
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · 13d
Thanks! This was an incredibly great post
1 1
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · 24d
If you're into cloud security, fwd:cloudsec Europe is now live.

Schedule: fwdcloudsec.org/conference/e...
1 4
Reposted by Christophe Tafani-Dereeper
mccune.org.uk
Rory McCune @mccune.org.uk · Aug 21
I did a bit more looking into the upcoming bitnami deprecation. The images are still getting millions of pulls a week, so depending on exactly what tags vanish next week, there could be a lot of broken deploys on the 28th!

raesene.github.io/blog/2025/08...
Bitnami Deprecation
raesene.github.io
4 5
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Aug 10
@micahflee.com thank you for the amazing and inspiring defcon talk
2
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jul 29
I arbitrarily picked a list of 50 talks I'm most excited about that are happening next week at DEF CON / Black Hat / BSides LV / The Diana Initiative.

I'll also add recordings/slides to this list when they become available!
securitylabs.datadoghq.com
Datadog Security Labs @securitylabs.datadoghq.com · Jul 29
Datadog guide to Hacker Summer Camp 2025, amd the top 50 talks we're excited about

securitylabs.datadoghq.com/articles/hac...
Datadog guide to Hacker Summer Camp 2025 | Datadog Security Labs
Get ready to take on Hacker Summer Camp with our guide on planning, prepping, and schedules for Datadog events.
securitylabs.datadoghq.com
2 2
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jul 28
Getting ready for DEF CON next week!

✅ Slides
✅ Demos
✅ Custom shirt designed for the occasion
2
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jul 18
This is dropping ed375deea6f7407d2ff9dab1cb326473 (bazaar.abuse.ch/sample/c68e4...)

credits Varun Sharma for the share on LinkedIn
MalwareBazaar - c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441
Threat intel on c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441 (MD5 ed375deea6f7407d2ff9dab1cb326473)
bazaar.abuse.ch
1 1
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jul 18
Looks like the maintainer of a number of highly-popular npm packages was phished through npnjs[.]com, and his access used to publish malicious versions of their packages

x.com/JounQin/stat...

www.linkedin.com/feed/update/...

github.com/prettier/esl...
1 5 5
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jul 8
Great research, would you be able to share the sample GitHub repositories and/or their metadata? I'm working on an open-source tool and could use some additional samples!
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jun 23
Stratus Red Team AWS attack techniques are now mapped to the Threat Technique Catalog for AWS

Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...

Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
2 7
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jun 23
The MCP spec has been updated to include security best practices

• Confused deputy
• Token passthrough
• Session hijacking

modelcontextprotocol.io/specificatio...
Security Best Practices - Model Context Protocol
modelcontextprotocol.io
3 4
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Jun 10
Solid way to start the week
1 2 30
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · May 26
phobia.fandom.com/wiki/Anatida...
Anatidaephobia
Anatidaephobia is the irrational fear of being watched/stalked by one or more duck(s). It is not a recognized or documented phobia in the field of psychology or psychiatry. The term "anatidaephobia" w...
phobia.fandom.com
1
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · May 15
👀
1
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · May 8
Happy to discuss submission ideas!
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · May 8
If you're a cloud practitioner based in Europe, definitely submit to fwd:cloudsec Berlin happening in September!

We're actively seeking submissions from first time speakers and non-security folks. In that case, you can submit by May 30th and get initial feedback on your submission!
fwdcloudsec.org
fwd:cloudsec @fwdcloudsec.org · May 7
The CFP for fwd:cloudsec Europe is now open! We're looking for practitioner-focused cloud security content, and we encourage all practitioners to submit, whatever your role or level of experience.

The CFP is open until July 11th. Read more: fwdcloudsec.org/conference/e...
CFP | EU 2025 | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
1 3 7
Reposted by Christophe Tafani-Dereeper
fwdcloudsec.org
fwd:cloudsec @fwdcloudsec.org · Apr 20
Ticket sales for fwd:cloudsec Europe 2025 goes live on April 22nd, first batch at 9 AM CET and a second batch at 7PM CET. Tickets are sold through Swoogo, link at fwdcloudsec.org/conference/e... ..
fwd:cloudsec Europe 2025 | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
1 5 6
Reposted by Christophe Tafani-Dereeper
jennamclaughlin.bsky.social
Jenna McLaughlin @jennamclaughlin.bsky.social · Apr 18
My story breaking this news exclusively was 7K+ words and had almost all of this in it, and more:
www.npr.org/2025/04/15/n...
90 2K 4.6K
Reposted by Christophe Tafani-Dereeper
securitylabs.datadoghq.com
Datadog Security Labs @securitylabs.datadoghq.com · Mar 27
The March edition of the Datadog Security Digest is out!

securitylabs.datadoghq.com/newsletters/...

• New MITRE ATT&CK coverage matrix in Stratus Red Team
• Compromised GitHub actions
• Malicious Maven packages
• Exploitation of SSRF vulnerabilities on the rise
• ... and more
Malicious Maven packages, SSRFs strike again, and stealing cloud credentials from web applications | Datadog Security Labs
This month’s digest has a little bit of everything—cloud threats, supply chain attacks, and a reminder that yes, attackers are still exploiting SSRFs.
securitylabs.datadoghq.com
2 2
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Mar 24
Looking forward to it! ☁️🇪🇺🇩🇪
fwdcloudsec.org
fwd:cloudsec @fwdcloudsec.org · Mar 24
We’re thrilled to announce that the second edition of fwd:cloudsec Europe will take place on September 15-16 in Berlin!

fwdcloudsec.org/conference/e...
fwd:cloudsec Europe 2024 | fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...
fwdcloudsec.org
Reposted by Christophe Tafani-Dereeper
wietzebeukema.nl
Wietze @wietzebeukema.nl · Mar 24
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.

My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.

Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
1 19 36
christophetd.fr
Christophe Tafani-Dereeper @christophetd.fr · Mar 21
313 speakers?! ça comment à faire du monde, impressionant !
Reposted by Christophe Tafani-Dereeper
securitylabs.datadoghq.com
Datadog Security Labs @securitylabs.datadoghq.com · Feb 27
The February edition of the Datadog Security Digest is out!

securitylabs.datadoghq.com/newsletters/...

featuring @sethsec.bsky.social, @mccune.org.uk, @karimscloud.bsky.social, @jcfarris.bsky.social, and more
The whoAMI name confusion attack, modern phishing tactics, and K8s network security fundamentals | Datadog Security Labs
This February edition of the Datadog Security Digest dives into the
securitylabs.datadoghq.com
2 5