Last Tuesday (August 3rd), I presented "Access Keys Will Kill You Before You Kill The Password" at Black Hat US 2016. The summary is on the Black Hat website and the updated slide deck is available Here. This presentation aimed at highlighting risks associated with usage of AWS API access keys in environments that do not enforce MFA-protected API access, and documented strategies and IAM policies to help address these risks.

On Wednesday (August 4th), I presented Scout2 at Black Hat Arsenal. During two hours, I had the opportunity to demo Scout2 and meet users of the tool who shared valuable feedback with me. I look forward to implementing some of the features discussed during this event, including adding support for ECS and finishing the new rules generator.

As a reminder, Scout2 is available on Github, feedback is appreciated, and feature requests and pull requests are welcome. The Scout2 documentation is available at https://nccgroup.github.io/Scout2.