Founder of FIRCY. ex AWS security leader. Ambassador for #NoMoreRansom. Tweeting cyber and cloud.
Joined August 2015
- Tweets 320
- Following 218
- Followers 406
- Likes 251
22 Photos and videos
14 May 2024
Thought I'd ask the cloud community to DM me or reply if you've seen activity in your AWS logs (S3 / VPC / web application) for IP addresses in the range of 52.27.190[.]0 > 52.27.191[.]255 between July 2022 and April 2024. We've seen billions of requests, are we alone?
1
1
2
303
14 May 2024
Call it social media threat intelligence gathering 😎
If you can only search for single IP's then start with 52.27.191[.]181, 52.27.190[.]67, 52.27.190[.]9, 52.27.190[.]10, 52.27.191[.]179, 52.27.191[.]164, 52.27.190[.]82, 52.27.190[.]78, 52.27.190[.]90.
Yes AWS are aware.
1
2
172
Ben Potter retweeted
3 Feb 2024
As someone involved in the AWS offsec space, I want to share why I strongly do NOT recommend the HackTricks AWS Red Team Expert course. The author of it is a plagiarist, stealing content from other creators and is directly profiting off of it through sponsorships. A 🧵
7
75
322
119,756
Ben Potter retweeted
16 Nov 2022
Full house this morning at @stoneandchalk @AustCyber breakfast ft @benji_potter @YSGovRiskSec @duariv @Fivecast @CyberCX @ISACA_Adelaide @CyberOpsAU @DIIS_SA exploring the #growth of the Australian #Cyber Industry
#STARTUPWEEK #SOUTHSTART
1
3
11
27 Jul 2022
AWS IAM Identity Center replaces the old Single Sign-On console, looks much better thank you @AWSIdentity !
3
8
1 Jul 2022
This is not a drill for Jenkins users that choose to expose their instances / servers to the internet. Long list of plugins vulnerable with no patches: bleepingcomputer.com/news/se… Time to remove them from being publicly exposed!
1
1
18 Nov 2021
Found my first working #IoT project in storage… Nokia 6110 with SMS microcontroller for digital I/O! 15 years ago it was pretty sophisticated for a home alarm system compared to what we have now. Little circuit board on the right is actually a remote doorbell receiver.
1
3
Ben Potter retweeted
2 Nov 2021
New: underground trade of bots that steal your 2FA codes. Bot places convincing automated call to target. Victim enters code, gets fed to hacker instantly. Dramatically lowers the barrier of entry for bypassing 2FA, no social engineering skills needed vice.com/en/article/y3vz5k/b…
7
291
536
1 Nov 2021
I will always prefer working virtually. Today was Clare in South Australia amongst nature with a beautiful creek. Bees got a bit close a few times!
2
Ben Potter retweeted
1 Nov 2021
In our latest blog myself and @ChristiaanBeek explore the increased use of #socialmedia as a vector to target individuals. Includes examples of recent nation-state activity: mcafee.com/blogs/enterprise/… #cybersecurity #infosec
12
11
2 Sep 2021
AWSome blog and code for automating forensic disk collection in #aws aws.amazon.com/blogs/securit… #DFIR
4
4
Ben Potter retweeted
26 Jul 2021
RDP is back! The most common attack vector for #ransomware is RDP again according to @coveware coveware.com/blog/2021/7/23/… #malware #cybersecurity #infosec
4
68
81
Ben Potter retweeted
21 Jul 2021
Activity from the REVIL group now detected in 44 countries, updated IoCs, threat advisories now available: mcafee.com/enterprise/en-us/… H/T @Jeffrey_Sman @Glacius_ @_Fritto_ @tim_hux
@John_Fokker #malware #cybersecurity
11
13
20 Jul 2021
Advice for all owners of data - test your backups and recovery processes as @briankrebs has outlined in his recent blog krebsonsecurity.com/2021/07/… by preparing you won’t need to pay the ransom and make criminals even more capable
8 Jul 2021
Today I’m celebrating 7 years at AWS! 🎉 I’m getting used to virtual socials now, enjoy not having to travel hours to see my US friends!
2
10
2 Jun 2021
Personal blog post on attack vectors and how you can protect against ransomware in S3. S3 cannot be infected with malware like a traditional desktop or server, the focus instead is on credential management. #aws #awssecurity #ransomware #cybersecurity securingthe.cloud/aws/protec…
7
19
18 May 2021
Just hit publish on updates to AWS #WellArchitected #Security paper docs.aws.amazon.com/wellarch… nothing major just additional context, and guidance on threat modeling, governance and abuse.
2