The objective of this talk to to create dialogue about the changing landscape concerning cloud environments. It doesn't matter which of the big three cloud providers we focus on, there is lacking conversation around how we identify sketchy activity of threat actors. Currently we are overwhelmed with threat actors leveraging cloud services to host attacking infrastructure, identify buckets and accounts with weak security controls, hosting stolen data, and many more nefarious types of activity. What are we doing about it? I'll share my research and techniques for hunting across cloud services, identifying attacker activity, and strengthen your cloud environment. Disclaimer: I will try not to rag on any specific cloud providers.