Blog
News, Research & Articles
The latest research and product updates from the Tracebit team.
Research
Azure Detection Engineering: Log idiosyncrasies you should know about
We share a few inconsistencies found in Azure logs which make detection engineering more challenging.
Research
Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration
We share a - now fixed - AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked down of AWS accounts by leveraging the audit trail itself to stealthily leak data.
Research
The Security Canary Maturity Model
We layout the different levels of maturity your organization may be at in their Security Canary Maturity, as well as discussing the value in maturity models themselves.
Research
Canary Infrastructure vs. Real World TTPs
We investigate three recent AWS security incidents and discuss how canaries could help you detect these early, and throughout the attack lifecycle.
Research
NO_WILDCARD: How I discovered the Organization ID of any AWS Account
Our latest research into VPC Endpoint Policy causes AWS to introduce significant changes!
Research
A hard look at GuardDuty shortcomings
Is GuardDuty all you need for AWS threat detection? We’ve asked our friend Rami McCarthy to dive into GuardDuty’s performance and consider the potential place for Canary Infrastructure.
Product
Tracebit announces $5m fundraise to bring intrusion detection canaries to the world
We're delighted to announce our seed funding round, we're partnering with Accel, Tapestry VC and an incredible set of angel investors to bring Tracebit to the world.
Research
fwd:cloudsec Talk: Discover the AWS Account ID of any S3 Bucket
Our Co-Founder and CTO Sam Cox presented his research into discovering the AWS Account ID of any S3 Bucket and how you might make similar discoveries yourself.
Product
Canary Program Communication: Secrecy vs. Discretion
We share the lessons learned from deploying canaries at scale - how to be thoughtful but pragmatic about some of the tradeoffs necessary.
Research
Canary AWS credentials: Beyond a token effort
What to think about when implementing canary AWS credentials in 2024 and beyond
Product
Canary Infra: Bringing Honeypots towards general adoption
Laying out why we think 'Canary Infra' is a game changer for honeypots and intrusion detection.
Research
How to find the AWS Account ID of any S3 Bucket
A technique to find the Account ID of a private S3 bucket.
Research
How fast is CloudTrail today? Investigating CloudTrail delays using Athena
Investigating how long CloudTrail takes to deliver events in 2023.
Research
Honeypots for Intrusion Detection
A deepdive into what Honeypots are, why they're useful and how they're used for intrusion detection.
The latest security research straight to your inbox
Subscribe to your newsletter to receive regular updates from our research and product teams