https://awsmatt.com/posts/Recent content in Posts on awsmattHugoen-auSat, 25 Apr 2026 00:00:00 +0000https://awsmatt.com/posts/d3fend-aws-defensive-technique-mappings/Sat, 25 Apr 2026 00:00:00 +0000https://awsmatt.com/posts/d3fend-aws-defensive-technique-mappings/The AWS Threat Technique Catalog documents how attackers operate in AWS. D3FEND-AWS maps the defensive counterpart — what to detect, harden, and evict — as structured, machine-readable YAML. Open source on GitHub.https://awsmatt.com/posts/behavioural-detection-automated-agents-mdr/Mon, 20 Apr 2026 00:00:00 +0000https://awsmatt.com/posts/behavioural-detection-automated-agents-mdr/Rule-based detection has a ceiling. Behavioural profiling with automated agents catches what static rules miss — especially in cloud environments.https://awsmatt.com/posts/scps-rcps-preventive-controls/Thu, 16 Apr 2026 00:00:00 +0000https://awsmatt.com/posts/scps-rcps-preventive-controls/Service Control Policies restrict what your principals can do. Resource Control Policies restrict what can be done to your resources. Most AWS organisations use one or neither. Here’s why both matter.https://awsmatt.com/posts/guardduty-cloudtrail-signal-gap/Tue, 10 Mar 2026 00:00:00 +0000https://awsmatt.com/posts/guardduty-cloudtrail-signal-gap/GuardDuty tells you something happened. CloudTrail tells you what happened next. Most teams treat these as separate workflows — and that gap is where attackers complete their objectives.https://awsmatt.com/posts/iam-privilege-escalation-patterns/Tue, 03 Mar 2026 00:00:00 +0000https://awsmatt.com/posts/iam-privilege-escalation-patterns/Each step in an IAM privilege escalation chain looks like a routine API call. The attack only becomes visible when you trace the full sequence.https://awsmatt.com/posts/aws-security-research/Sun, 01 Mar 2026 00:00:00 +0000https://awsmatt.com/posts/aws-security-research/Introducing awsmatt.com — a home for AWS security research, tools, and practical guides.