Latest from SECSANDMAN

DEVSEC – Mitigating supply chain software attacks with Yubikey signed GIT commits (sort-of)

THE PROBLEM This is #1 in a series to learn more about secure software CICD supply chains. This post and other will go beyond “Googling how to set it up” and instead focus on more nuanced security and operational issues. At the executive level, supply chains attacks like the SolarWinds incident recently saw attackers exploit known vulnerabilities … Continue reading DEVSEC – Mitigating supply chain software attacks with Yubikey signed GIT commits (sort-of)

Panel 1

Home

Latest from SECSANDMAN

NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas

This is a PoC I did awhile back and I lost the original content when porting over to my new domain. Essentially this is a PoC code that can be modified to detect the source, destination and port/protocol network communication between boundaries within your cloud VPC for “weird” or “unusual” traffic. https://github.com/secSandman/lambda_netflows/blob/master/lambda-netflow-data-loss.js For example, you … Continue reading NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas

Panel 2 Placeholder
Panel 3 Placeholder
Panel 4 Placeholder