Welcome to my homepage!
I'm currently working as a cloud security researcher & advocate at Datadog. You will find below some pointers to posts and software I have written in the past.
Feel free to use my contact details below to reach out!
- Email: christophe@tafani-dereeper.me
- Twitter: @christophetd
- Mastodon: [email protected]
- LinkedIn: christophetafanidereeper
Latest posts
Latest posts from my blog where I write about things I like, use, dislike and misuse.
- Stop worrying about Kubernetes' allowPrivilegeEscalation
- IMDSv2 enforcement: coming to a region near you!
- MitM at the Edge: Abusing Cloudflare Workers
- Introducing Stratus Red Team, an Adversary Emulation Tool for the Cloud
- Implementing a Vulnerable AWS DevOps Environment as a CloudGoat Scenario
- Cloud Security Breaches and Vulnerabilities: 2021 in Review
- Phishing for AWS credentials via AWS SSO device code authentication
Company posts
Latest posts I wrote with current or past employers.
- Malicious PyPI packages targeting highly specific MacOS machines
- The XZ Utils backdoor (CVE-2024-3094)
- An analysis of a TeamTNT doppelgänger
- Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining
- Deep dive into the new Amazon EKS Cluster Access Management features
- Deep dive into the new Amazon EKS Pod Identity feature
- Following attackers’ (Cloud)trail in AWS: Methodology and findings in the wild
- Exploring GitHub-to-AWS keyless authentication flaws
- Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS
- The OverlayFS vulnerability CVE-2023-0386: Overview, detection, and remediation
- Partially bypassing the AWS Console authentication rate limiting
- A retrospective on public cloud breaches of 2022
- Investigating a backdoored PyPi package targeting FastAPI applications
- Finding malicious PyPI packages through static code analysis: Meet GuardDog
- The OpenSSL punycode vulnerability (CVE-2022-3602), detailed write-up
- State of AWS Security in 2022: a look into 600+ real-world AWS environments
Software
- Stratus Red Team: Granular, Actionable Adversary Emulation for the Cloud
- MKAT: Identify common security issues in managed Kubernetes environments
- Grimoire: Generate datasets of cloud audit logs for common attacks
- GuardDog: Identify malicious PyPI and npm packages
- CloudFlair: Find origin servers of websites behind Cloudflare using Internet-wide scan data from Censys
- Adaz: Automate the provisioning of Active Directory labs in Azure
- log4shell-vulnerable-app: Vulnerable Spring Boot application for easy reproduction of the Log4Shell vulnerability
- Threatest: Go framework for end-to-end testing of threat detection rules
- censys-subdomain-finder: Subdomain enumeration using the certificate transparency logs from Censys
- hunting-mindmaps: Mindmaps for threat hunting using memory captures and Windows event logs
Talks
- Catch them all! Detection engineering and purple teaming in the cloud (DEF CON Cloud Village 2024)
- PIVOT! Bouncing between your app, your cluster and your cloud (Kubernetes Community Days Zürich 2024)
- Abusing misconfigured OIDC authentication in cloud environments (Insomni'Hack and BSides LV 2024)
- Keep Hackers Out of Your Cluster with These 5 Simple Tricks (KubeCon EU 2024)
- A journey through attack vectors in managed Kubernetes services (SANS CloudSecNext 2023 - slides)
- Mind The Gap! Bringing Together Cloud Services and Managed K8s Environments (KubeCon EU 2023)
- Finding Malicious PyPI Packages in the Wild (Insomni'Hack 2023)
- Purple Teaming & Adversary Emulation in the Cloud (DEF CON Cloud Village 2022)
- Purple Teaming the Cloud with Stratus Red Team (Cloud-Native SecurityCon 2022)
- Fantastic AWS Hacks and Where to Find Them (SANS New2Cyber 2022)
- Scanning Infrastructure-as-Code for security flaws (OWASP DevSlop)
- Can't Take My Lab off You — Automating the Provisioning of Active Directory Labs in Azure (vOPCDE #7)
- Adaz presentation (Forensic Lunch October 23rd, 2020)
- Switzerland has bunkers, we have Vault (BlackAlps 2018)
- How hackers exploit weak SSH credentials to build DDoS botnets (BlackAlps 2017, Grehack 2017)
Podcasts
- Escaping from Managed Kubernetes Clusters (Cloud Security Podcast)
- Scanning Infrastructure-as-Code For Security Issues (Day Two Cloud episode 125)
- What is cloud security? (French only, NoLimitSecu podcast)
- Infrastructure-as-Code Security (French only, NoLimitSecu podcast)
- Service Meshes and their Security Implications (French only, NoLimitSecu podcast)
Books
Technical and non-technical books I particularly enjoyed reading and learning from.
Security:
- Hacking, the Art of Exploitation
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- Violent Python
DevOps / Engineering:
- The Phoenix Project
- The Goal: A Process of Ongoing Improvement
- Team Topologies
- Building Microservices: Designing Fine-Grained Systems