Resources / Blogs

Spaceraccoon

Cloud-native security and SaaS exploitation

Spaceraccoon logo

Spaceraccoon is a key resource for understanding cloud-native attack surfaces. Eugene’s research into SaaS tenancy, webhook security, and supply chain attacks covers the vulnerabilities unique to modern, integration-heavy architectures.


Why Follow This Blog

Spaceraccoon (Eugene Lim) focuses on the security challenges unique to modern cloud-native architectures. His research addresses the vulnerabilities that emerge when organizations rapidly adopt SaaS platforms, serverless functions, and complex integrations without fully understanding the security implications.

Key Topics Covered

Multi-Tenant Security

  • Tenant Isolation Bypass: Accessing other customers’ data
  • Shared Resource Exploitation: Exploiting common infrastructure
  • Cross-Tenant Attacks: Moving between isolated environments
  • Data Leakage: Unintended information disclosure

Cloud Platform Security

  • AWS Exploitation: IAM, S3, Lambda, and service-specific vulnerabilities
  • GCP Security: Google Cloud Platform attack vectors
  • Azure Attacks: Microsoft cloud service vulnerabilities
  • Multi-Cloud Issues: Security gaps in hybrid environments

API & Integration Security

  • Webhook Vulnerabilities: SSRF, authentication bypass, and injection
  • OAuth Misconfigurations: Authorization flow exploitation
  • GraphQL Security: Query manipulation and information disclosure
  • REST API Flaws: Endpoint security weaknesses

Supply Chain & Application Security

  • npm/Package Attacks: Dependency confusion and prototype pollution
  • Browser Extensions: Message-passing and privilege escalation
  • CI/CD Pipeline Attacks: Build system compromise
  • IoT Security: Hardware and API-level exploitation

Visit website → · RSS feed