Prep your Microsoft environment for an identity-based attack.
Book an identity exposure gap analysis today.
Back

Kat Traxler

Principal Security Researcher
Visit Linkedin Profile

Kat Traxler was Principal Security Researcher at Vectra AI focusing on threat detection in the public cloud. Prior to her current role, she worked in various stages in the SDLC performing web application penetration testing and security architecture design for Web, IAM, Payment Technologies and Cloud Native Technologies.

Kat’s research philosophy directs her work to where design flaws and misconfigurations are most probable. This guiding principle leads her research to the intersection of technologies, particularly the convergence of cloud security and application security and where the OS-layer interfaces with higher-level abstractions.

Kat has presented at various conferences including the SANS CloudSecNext Summit and fwd:CloudSec on topics such as privilege escalation in GCP, and bug-hunting in the cloud. In addition to her work at Vectra AI, she is a member of IAN Faculty and the Lead Author of the SANS SEC549 - Enterprise Cloud Security Architecture and currently holds multiple GIAC certifications. You can find her on the internet as @nightmareJS

Post from

Kat Traxler

Cloud Threat Detection Capabilities with The DeRF: Bridging the Gap in Current Tools
August 9, 2023
Kat Traxler
Cloud Threat Detection Capabilities with The DeRF: Bridging the Gap in Current Tools

This new open-source tool bridges common gaps SOC teams face in cloud threat detection. Gain more flexibility to develop custom attack techniques.

Read more
Rethinking Your Threat Models for the Cloud
May 3, 2023
Kat Traxler
Rethinking Your Threat Models for the Cloud

Attacker techniques are dictated by the characteristics of the tech stack. So what is the approach needed to defend cloud systems?

Read more
LastPass Breach: The Pyramid of Pain Perspective
March 14, 2023
Kat Traxler
LastPass Breach: The Pyramid of Pain Perspective

This blog outlines the intel in the LastPass communiques and enumerates the attacker indicators while framing the discussion around the "Pyramid of Pain".

Read more
Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service
July 20, 2022
Kat Traxler
Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service

A comprehensive backup strategy is a cornerstone of any DR plan. But how would you distinguish between legitimate backup activity and malicious data exfiltration?

Read more
Log4J’s Unique Impact In The Cloud
December 20, 2021
Kat Traxler
Log4J’s Unique Impact In The Cloud

Threat actors can use the Log4J vulnerability as a platform for launching attacks, but what does this mean for cloud environments? Find out exactly how attackers are exploiting this vulnerability and what this could mean for your organization.

Read more
November 4, 2023
Attacks as a Service with The DeRF

During this demo, we will guide you through the straightforward and automated deployment process for the DeRF.

Watch the video