Scott Piper
scottpiper.bsky.social
Cloud security historian.
Developed http://flaws.cloud, CloudMapper, and Parliament.
Founding team for fwdcloudsec.org
Principal Cloud Security Researcher at Wiz.
Pinned
I looked at all the AWS OIDC integrations I could find to identify how they might be misconfigured and to understand the variations that different vendors have in how they set these up. www.wiz.io/blog/avoidin...
Avoiding mistakes with AWS OIDC integration conditions | Wiz Blog
Secure AWS OIDC integrations by avoiding common misconfigurations. Discover key IAM trust policy conditions for popular SaaS vendors to protect your cloud.
www.wiz.io
Reposted by Scott Piper
@fwdcloudsec.org is an awesome conference. Looking forward to seeing lots of cool submissions into the CFP!
We've locked in dates and venues for the North American (NA) and European (EU) fwd:cloudsec conferences this year!

fwd:cloudsec NA will be in the Seattle, Washington area at the Meydenbauer Center in Bellevue on June 1 and 2. 🧵
January 20, 2026 at 8:17 PM
Reposted by Scott Piper
Did you know Claude models have a "magic string" to test when a model refuses to respond? If that string enters prompt context, it can be abused to break LLM workflows until context is reset.

It's the EICAR test string of the AI age. Details:

hackingthe.cloud/ai-llm/explo...
Break LLM Workflows with Claude's Refusal Magic String - Hacking The Cloud
How Anthropic's refusal test string can be abused to stop streaming responses and create sticky failures.
hackingthe.cloud
January 21, 2026 at 2:54 PM
Reposted by Scott Piper
We've locked in dates and venues for the North American (NA) and European (EU) fwd:cloudsec conferences this year!

fwd:cloudsec NA will be in the Seattle, Washington area at the Meydenbauer Center in Bellevue on June 1 and 2. 🧵
January 20, 2026 at 8:12 PM
What are we calling normal AWS now? Normal, standard, classic, commercial, global, american?

How do you say out loud the acronym for AWS European Sovereign Cloud? I'm calling it "oosk", because the region is eusc-de-east-1, which sounds like a riff on the techno onomatopoeia "boots and cats".
January 16, 2026 at 4:29 PM
The most surprising thing about AWS ESC is there aren't any cookie acceptance popup windows in the console. Is this really European?
January 16, 2026 at 4:24 PM
Reposted by Scott Piper
Very cool research on a CodeBuild misconfiguration which could have had significant consequences. I’m a bit disappointed that there wasn’t more done to secure the supply chain after the Q Developer incident.
www.wiz.io/blog/wiz-res...
CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog
Wiz Research discovered CodeBreach, a critical vulnerability that risked the AWS Console supply chain. Learn how to secure your AWS CodeBuild pipelines.
www.wiz.io
January 15, 2026 at 6:46 PM
Reposted by Scott Piper
The AWS European Sovereign Cloud (ESC) has launched!

aws-news.com/article/2026...
Opening the AWS European Sovereign Cloud
AWS European Sovereign Cloud is now generally available, offering EU-based organizations independent cloud infrastructure with enhanced sovereignty controls, E...
aws-news.com
January 15, 2026 at 7:29 AM
Reposted by Scott Piper
December is generally a good time for gifts, and I have a special one for you.

We are glad to announce fwd:cloudsec Europe 2026: September 7th and 8th - London, UK 🇬🇧

More info to come early 2026. Stay tuned, folks.
December 19, 2025 at 8:45 PM
My top picks from re:Invent security announcements: www.wiz.io/blog/top-aws...
Top AWS re:Invent Announcements for Security Teams in 2025 | Wiz Blog
The re:Invent announcements that are most impactful to security teams.
www.wiz.io
December 8, 2025 at 10:35 PM
This is excellent. Also available in video.
allan.reyes.sh/posts/keepin...

h/t tldrsec
Keeping Secrets Out of Logs
There's no silver bullet, but if we put some "lead" bullets in the right places, we have a good shot at keeping sensitive data out of logs.
allan.reyes.sh
December 4, 2025 at 5:24 PM
Reposted by Scott Piper
It’s time to bust some malware! 🦠

Challenge #6 “Malware Busters” is LIVE.
Built by Gili Tikochinski for the reverse-engineering pros - dive into assembly and uncover what's hidden inside.
Think you can crack it?

cloudsecuritychampionship.com/challenge/6
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
cloudsecuritychampionship.com
November 27, 2025 at 1:49 PM
Reposted by Scott Piper
🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast.
Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation.
Details: www.wiz.io/blog/shai-hu...
Shai-Hulud 2.0: Ongoing Supply Chain Attack | Wiz Blog
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
www.wiz.io
November 24, 2025 at 12:12 PM
Reposted by Scott Piper
The day has come where we get to announce what we've been working on for the past year 😍

www.duckbillhq.com/blog/skyway-...
Skyway: Cloud cost management for the 9-figure club
Introducing Skyway: contract management for enterprise cloud spend. Built by the team overseeing tens-of-billions in enterprise cloud spend.
www.duckbillhq.com
November 18, 2025 at 4:47 PM
My favorite security story I've read this year 😂, a story of surprising turns by Alex Smolen: engseclabs.com/blog/raccoon...
Backyard APT: A Raccoon Story
Raccoons are both advanced and persistent threats. After one attacked my chihuahua Jolene, I declared war on my backyard invaders. Through ultrasonic deterrents, motion-activated sprinklers, and wacky...
engseclabs.com
November 11, 2025 at 5:24 PM
Yuval Avrahami was ranked as the top Azure researcher by Microsoft this quarter! He has made a Kubernetes-focused CTF for the Wiz Cloud Security Championship; check it out! cloudsecuritychampionship.com
Also if you can find cloud zero days, check out www.zeroday.cloud with a $4.5M prize pool!
October 27, 2025 at 1:47 PM
Reposted by Scott Piper
I feel like the biggest takeaway from the latest AWS outage is that there’s simply no architecting around them at this point. Even if you are 100% redundant/multi-whatever, your vendors and customers are certainly not. Order volume is dropping no matter what you do. We’re all in this together.
October 23, 2025 at 12:51 PM
Jeep pushed a bad update on Friday that has been bricking 2024 Wrangler 4xe's. x.com/StephenGutow...
Stephen Gutowski on X: "Jeep just pushed a software update that bricked all the 2024 Wrangler 4xe models, including my Willys. The future is going great." / X
Jeep just pushed a software update that bricked all the 2024 Wrangler 4xe models, including my Willys. The future is going great.
x.com
October 13, 2025 at 12:45 AM
A company's website, API, and email were unavailable because "attackers socially engineered AWS into freezing its domain". www.theregister.com/2025/10/02/s...
Kodex outage blamed on AWS social engineering attack
Software maker Kodex said its domain registrar fell for a fraudulent legal order
www.theregister.com
October 6, 2025 at 2:41 PM
Reposted by Scott Piper
Introducing ZERODAY.CLOUD🕵️‍♀️
Be the first to participate in the first-of-its-kind cloud hacking competition. 🤝

WIN HUGE PRIZES from our up to 4.5 million dollar prize pool. 💰🏆

Join us to help make the cloud a safer place. Register your exploit now >> zeroday.cloud
September 30, 2025 at 5:39 PM
I really like the announcements that have been coming out of Cloudflare. In this latest one, SSO for everyone (not just enterprise). blog.cloudflare.com/enterprise-g...

Another recent and interesting one is their data platform: blog.cloudflare.com/cloudflare-d...
Every Cloudflare feature, available to everyone
Cloudflare is making every feature available to any customer.
blog.cloudflare.com
September 30, 2025 at 2:33 PM
Reposted by Scott Piper
After facing countless limitations on #AWS #NitroEnclaves, the same feature is now available on normal EC2 instances.

The coming month must be a busy month for me to try it out.

#ConfidentialComputing #AWSCloud

aws.amazon.com/about-aws/wh...
AWS announces EC2 instance attestation - AWS
Discover more about what's new at AWS with AWS announces EC2 instance attestation
aws.amazon.com
September 30, 2025 at 3:06 AM
S3 SOAP API is being deprecated in a month (Oct 31). docs.aws.amazon.com/AmazonS3/lat...

h/t @quinnypig.com for pointing it out in @lastweekinaws.com
Appendix: SOAP API - Amazon Simple Storage Service
Describes the SOAP API with respect to service, bucket, and object operations that you can perform on the Amazon S3 web service.
docs.aws.amazon.com
September 29, 2025 at 3:21 PM
The first step toward an organization of organizations. aws.amazon.com/about-aws/wh...
Billing View now supports cost management data from multiple organizations - AWS
Discover more about what's new at AWS with Billing View now supports cost management data from multiple organizations
aws.amazon.com
September 26, 2025 at 6:51 PM