Unleashing the crypto gold rush. [Research Saturday]
CyberWire Daily
00:00
How to Detect a Cloud Threat Actor Using a S3 Browser
A common method for initial access with cloud threat actors is just finding keys publicly accessible. They'll throw it into a utility they call S3 browser. It's a version from, like, January of 2021 that they've never updated. Once they have administrative privileges in the environment, they want to make sure that if somebody else discovers this key that they discovered or a defender finds out that they have access to this compromised credential, that they have another way back in.
Play episode from 03:18
Transcript
