Cloud Conversations - with Kat Traxler - A blog containing cloud research focusing in GCP, AWS and identity architecture

But how would you distinguish between legitimate backup activity and malicious data exfiltration on AWS S3?

In this blog post, I walkthrough a malicious use of the S3 Replication service and how selective data event logging on the S3 service will result in a gap in S3 exfiltration visibility since the PutObject event, indicating data movement event will not be written in the Source Account.