GCP Consultant @googlecloud | Ex-Unit42 | Cloud Security | @noahmcdonald@infosec.exchange

Joined March 2022
Noah McDonald retweeted
I was recently pointed to some #fresh GCP documentation from @TheIceRoot. For your reading pleasure is a complete list of P4SAs (per-project-per-product) Service Accounts and their default roles 📯 cloud.google.com/iam/docs/se…
Noah McDonald retweeted
☁️ Google Cloud Incident Response Cheat Sheet
* Overview of IR in GCP
* Logs for threat hunting and incident response
* Log analysis
* Service accounts
* GCP attack matrix
By @TheIceRoot #cybersecurity #infosec medium.com/google-cloud/goog…
Noah McDonald retweeted
We've lined up a venue for fwd:cloudsec 2024! Mark your calendars for June 17-18 in Arlington, VA. Ticket sales and CFP will open in early January. For those interested in sponsoring, we'll have a prospectus in the next few weeks. Email sponsorship@fwdcloudsec.org if interested.
Noah McDonald retweeted
Ever wonder how attackers breach the cloud? Jay Chen and Noah McDonald will walk through common cloud attack vectors and a real breach incident in this #sectorca presentation, starting at 2:45 in 714AB. buff.ly/3tuDMxt
Noah McDonald retweeted
85% of organizations have hard-coded credentials in VMs, say Jay Chen and Noah McDonald. Their talk on cloud oversight is ongoing at #sectorca in 714AB. buff.ly/3tuDMxt
Noah McDonald retweeted
We just heard all about how upset gamers compromised the cloud with SIM-Swap, thanks to Jay Chen and Noah McDonald at #sectorca. They're wrapping up now in 714AB. buff.ly/3tuDMxt
If you are at #SecTor today, come check out my talk on real world cloud attacks! #cloud #blackhat blackhat.com/sector/2023/bri…

Google's Threat Horizon report, out now! services.google.com/fh/files…

I am excited to announce that my colleague Jay Chen and I got accepted to @BlackHatEvents SecTor!! blackhat.com/sector/2023/bri…

Noah McDonald retweeted
Unfortunately @orcasec got their terminology wrong in their report by calling the cloud build SA, a 'Default SA', then I PERPETUATED it! - apologies. There are only 2 default SAs. The compute and app engine SA. The Cloud Build SA is not a default SA, it is a P4 SA. 1/3
Replying to @NightmareJS
The "bad.build" in question is the Default Cloud Build Service Account (SA), so what is it? It runs build for you, pulls images, injects secrets and "actsas" the SA which any resulting resource (i.e. Cloud Run) ultimately runs as. They are unique per project. 2/8
Noah McDonald retweeted
We've just released our AWS CloudTrail Cheat sheet, blog post: invictus-ir.medium.com/aws-c… Link to cheat sheet: github.com/invictus-ir/aws-c… In this thread our Top 5 Events from CloudTrail for Incident Response! 🧵
Noah McDonald retweeted
One final @fwdcloudsec appreciation post: It was legitimately the best con I have ever attended. Hands down. Gathering some of the brightest minds in the cloud security community for two days of AMAZING talks. I had never been in person before and now I will never miss it.
Noah McDonald retweeted
13 Apr 2023
📣 Cado Labs researchers recently encountered an emerging Python-based credential harvester and hacktool, named Legion, aimed at exploiting various services for the purpose of email abuse. Full analysis here: cadosecurity.com/legion-an-a… #threatintelligence #threatresearch #cyber
Noah McDonald retweeted
Zoom having an outage due to a misconfigured SCP. Classic 👌
Noah McDonald retweeted
New cloud security research! We found a method to bypass CloudTrail logging for both read AND write API actions in AWS Service Catalog! In addition, we also reported an issue with a lack of CloudTrail logging in AWS Control Tower. securitylabs.datadoghq.com/a…