Tales of Cloud Compromise: Lessons Learned from Mandiant Investigations in 2023

Mandiant's front-line incident response experience reveals commonly overlooked areas that lead to cloud compromises. Drawing on numerous technical case studies, we cover recurring patterns and offer strategies to fortify cloud environments:

1) Living off the Land (in the Cloud): We observe that intrusions often stem from traditional on-premises systems such as Active Directory, VMware infrastructure, and MDM/EDR tools. Our discussion will delve into how these platforms can be safeguarded to prevent such incidents.

2) Extended Attack Surface: Cloud and hybrid environments naturally extend an organization's attack surface. This section will explore the challenges posed by inadequate controls, the sprawl of credentials, and the array of tools attackers use to exploit these weaknesses.

3) Third-Party Access: 2023 has seen a significant rise in incidents involving third parties and Managed Service Providers. We'll tackle the critical question: how can organizations continue to engage third parties without compromising their security posture?

We will also cover proactive defense strategies and robust incident response capabilities to protect cloud environments and react swiftly to threats within them.