About Datadog Security Labs

Security Labs is where our researchers and engineers publish practitioner-focused, innovative security content. Here you will find a mix of threat research, open-source software, and community-focused posts. You can:

We'd love to hear from you! Reach out at securitylabs@datadoghq.com to provide feedback, ideas, or just say hello.

Want to work with us? Check out our open security positions!

Publications

talk

Kubernetes Community Days UK - London 2024

Oct'24

Charting the Course: The History and Evolution of Kubernetes Security | Rory McCune

talk

BSides Toronto

Oct'24

Hidden in Plain Sight: (Ab)using Entra's AUs

talk

BSides Orlando

Oct'24

Six Degrees of Cloud Escalation

talk

DEF CON 32 Cloud Village, SANS CloudSecNext Summit 2024

Sep'24

Who Polices the Policies? Privilege Escalation and Persistence with Azure Policy

talk

fwd:cloudsec Europe 2024

Sep'24

Hidden Among the Clouds: A Look at Undocumented AWS APIs

talk

fwd:cloudsec Europe 2024

Sep'24

Hidden in Plain Sight: (Ab)using Entra's AUs

workshop

DEF CON 32 Cloud Village

Aug'24

Exploiting Common Vulnerabilities in AWS environments

talk

BSides Denver 2024

Sep'24

Detecting Threats in SaaS Applications

talk

DEF CON 32

Aug'24

Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access

talk

DEF CON 32 Cloud Village

Aug'24

Detection engineering and purple teaming in the cloud

talk

BSides Las Vegas

Aug'24

Abusing misconfigured OIDC authentication in cloud environments

talk

fwd:cloudsec North America 2024

Jun'24

Trust Me Bro: Preexisting Trust is the New Initial Access Vector

talk

Kubernetes Community Days Zurich

Jun'24

Bouncing between your app, your cluster and your cloud

talk

SLEUTHCON

May'24

Hyperscalers and fincrime: a match made in the cloud

talk

BSides Dublin 2024

May'24

Observability for pentesters

talk

AWS Summit London

Apr'24

Introduction to container security

talk

Insomni'Hack 2024

Apr'24

Abusing misconfigured OIDC authentication in cloud environments

talk

FIRST Cyber Threat Intelligence Conference

Apr'24

A Practical Approach to Managing Emerging Vulnerabilities

talk

Google Cloud Next

Apr'24

You can only secure what you can see: how observability can empower security

talk

UniCon

Apr'24

Detection Engineering Trends

talk

KubeCon EU

Mar'24

Keep hackers out of your cluster with these 5 simple tricks

talk

Cloud Native Rejekts EU

Mar'24

Exploring Attacker Persistence Strategies in Kubernetes

talk

State of Open

Feb'24

You can only secure what you can observe

talk

Google Security Webinar

Nov'23

Leveraging Telemetry for Effective Detection in Google Cloud Platform

podcast

Cloud Security Podcast

Nov'23

Attacking and defending managed Kubernetes clusters

podcast

Cloud Security Podcast

Oct'23

Adversary emulation tools

talk

ATT&CKcon 2023

Oct'23

Cloud Native Workload ATT&CK matrix

talk

Kubernetes Community Days UK

Oct'23

The Secret Life of Kubernetes Containers

talk

SANS CloudSecNext

Oct'23

A journey through attack vectors in managed Kubernetes services

talk

Black Hat USA 2023 & DEF CON Cloud Village 2023

Aug'23

Evading Logging in the Cloud: Bypassing AWS CloudTrail

talk

fwd:cloudsec

Jun'23

Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail

talk

fwd:cloudsec

Jun'23

Google Cloud Threat Detection: A Study in Google Cloud

talk

fwd:cloudsec

Jun'23

Swimming with the Sharks. IR Kubed.

talk

BSides Dublin

May'23

Containers for Pentesters

talk

DevoxxUK

May'23

10 ways to improve your container workload security

talk

KubeCon EU

Apr'23

Mind the Gap! Bringing Together Cloud Services and Managed K8s Environments

talk

KubeCon EU

Apr'23

Malicious Compliance: Reflections on Trusting Container Scanners

talk

Insomni'Hack

Mar'23

Finding Malicious PyPI Packages in the Wild

talk

State of Open Conference 23

Feb'23

The Myriad Paths to Improving Open Source Security

podcast

Cloud Security Podcast

Jan'23

Getting Started with Hacking AWS

talk

Kubernetes Community Days UK

Nov'22

In theory, there’s no difference between practice and theory

talk

SANS HackFest Summit 2022

Nov'22

What I Wish I Knew Before Pentesting AWS Environments

talk

DEF CON Cloud Village 2022

Aug'22

Purple Teaming & Adversary Emulation in the Cloud

talk

SANS New2Cyber 2022

Mar'22

Fantastic AWS Hacks and Where to Find Them