Based on real-world experience and research, this whitepaper shares insights into five of the most dangerous and common IaaS configuration mistakes. These are: Early hacked administrative credentials, early network access controls, unconstrained Blast radius, poor event logging and early access to data assets. We discuss the specific weaknesses those configuration mistakes can create, how those weaknesses can be exploited and how to detect those weaknesses manually or through automation. We also discuss the potential impacts of being exploited by those mistakes.”]