Research

Security Research

Technical writing on AWS threat detection, incident response, and the engineering decisions behind Ira.

    • aws-organizations
    • scp
    • rcp
    • preventive-controls

    SCPs and RCPs: Using Both to Close the Preventive Control Gap

    Service Control Policies restrict what your principals can do. Resource Control Policies restrict what can be done to your resources. Most AWS organisations use one or neither. Here is why both matter, and how to choose.
    • guardduty
    • cloudtrail
    • threat-detection

    Correlating GuardDuty Findings with CloudTrail: The Signal Gap Most Teams Miss

    GuardDuty raises the alert. CloudTrail contains the chain. Most teams never connect the two in time. Here is how Ira closes that gap automatically.
    • iam
    • privilege-escalation
    • mitre-attack

    IAM Privilege Escalation in AWS: The Paths Ira Maps Automatically

    Each step in an IAM privilege escalation chain looks like a routine API call. The attack only becomes visible when you trace the full sequence. Ira does that automatically.