Latest from SECSANDMAN
Azure app service is a quasi PaaS and IaaS type of solution. Most importantly, it can remove the idea of a DMZ and put the power of public internet access into the hands of developer, remove separation of duties and most interestingly create a back channel for malware command and control systems. Plus there are … Continue reading CLOUDSEC – Azure App Service – Cool feature or dangerous back channel ?
THE PROBLEM This is #1 in a series to learn more about secure software CICD supply chains. This post and other will go beyond “Googling how to set it up” and instead focus on more nuanced security and operational issues. At the executive level, supply chains attacks like the SolarWinds incident recently saw attackers exploit known vulnerabilities … Continue reading DEVSEC – Mitigating supply chain software attacks with Yubikey signed GIT commits (sort-of)
Disclaimer: All activity on this blog post are on my own personal time, my own personal devices and of my own personal opinion and do not represent that of my employers. about It’s no secret by now that the studio behind Cyberpunk 2077 fell victim to a targeted cyber attack. If you comb through the … Continue reading CD Projekt Red – Packet Analysis for Malware on Xbox one X