Spaceraccoon
Cloud-native security and SaaS exploitation

Spaceraccoon is a key resource for understanding cloud-native attack surfaces. Eugene’s research into SaaS tenancy, webhook security, and supply chain attacks covers the vulnerabilities unique to modern, integration-heavy architectures.
Why Follow This Blog
Spaceraccoon (Eugene Lim) focuses on the security challenges unique to modern cloud-native architectures. His research addresses the vulnerabilities that emerge when organizations rapidly adopt SaaS platforms, serverless functions, and complex integrations without fully understanding the security implications.
Key Topics Covered
Multi-Tenant Security
- Tenant Isolation Bypass: Accessing other customers’ data
- Shared Resource Exploitation: Exploiting common infrastructure
- Cross-Tenant Attacks: Moving between isolated environments
- Data Leakage: Unintended information disclosure
Cloud Platform Security
- AWS Exploitation: IAM, S3, Lambda, and service-specific vulnerabilities
- GCP Security: Google Cloud Platform attack vectors
- Azure Attacks: Microsoft cloud service vulnerabilities
- Multi-Cloud Issues: Security gaps in hybrid environments
API & Integration Security
- Webhook Vulnerabilities: SSRF, authentication bypass, and injection
- OAuth Misconfigurations: Authorization flow exploitation
- GraphQL Security: Query manipulation and information disclosure
- REST API Flaws: Endpoint security weaknesses
Supply Chain & Application Security
- npm/Package Attacks: Dependency confusion and prototype pollution
- Browser Extensions: Message-passing and privilege escalation
- CI/CD Pipeline Attacks: Build system compromise
- IoT Security: Hardware and API-level exploitation