CLOUDSEC – Azure App Service – Cool feature or dangerous back channel ?

Azure App Service is a quasi PaaS and IaaS type of solution. Most importantly, it can remove the idea of a DMZ and put the power of public internet access into the hands of developers, remove separation of duties and, most interestingly, create a back channel for malware command and control systems. Plus there are …

DEVSEC – Mitigating supply chain software attacks with Yubikey signed GIT commits (sort-of)

THE PROBLEM: This is #1 in a series to learn more about secure software CICD supply chains. This post and others will go beyond "Googling how to set it up" and instead focus on more nuanced security and operational issues. At the executive level, supply chain attacks like the SolarWinds incident recently saw attackers exploit known vulnerabilities …

CD Projekt Red – Packet Analysis for Malware on Xbox one X

Disclaimer: All activity on this blog post is on my own personal time, my own personal devices and of my own personal opinion and does not represent that of my employers. About: It's no secret by now that the studio behind Cyberpunk 2077 fell victim to a targeted cyber attack. If you comb through the …

CLOUDSEC – Retroactively Tag Assets – Lambda Scripts

Some old PoC content that I lost when porting over my old domain to the new one. Nowadays there are many ways to enforce tags across the cloud providers; since I wrote this code, the cloud providers have come up with additional policy frameworks that can be applied at top-level objects and recursively tag …

NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas

This is a PoC I did a while back, and I lost the original content when porting over to my new domain. Essentially this is PoC code that can be modified to detect the source, destination and port/protocol of network communication between boundaries within your cloud VPC for "weird" or "unusual" traffic. https://github.com/secSandman/lambda_netflows/blob/master/lambda-netflow-data-loss.js For example, you …

OFFSEC – Pen-testing Azure Firewall IDPS & Threat Intel features (Azure Lab 2)

Setting Off Alarms: Have you ever seen an "alarm will sound" sign and thought to yourself, "I feel like gambling today," and pushed the door open just to find that nothing happens and the sign was put there as a deterrent? Or maybe they pulled the wires to it because they were sick of people …

CLOUDSEC – Securing Cloud Networks with Hub-N-Spoke and Azure Firewall (Azure Lab 1)

This lab builds a foundation Azure virtual network to later test the Microsoft suite of security products in Azure. With the code examples and a few manual changes you can deploy one hub, four spokes with an advanced firewall appliance, jump hosts and an IPSEC tunnel, all within an hour using Azure ARM automation. Although Microsoft has …

CLOUDSEC – Public Cloud Web Shells … a serious malware and DLP issue

As you make your journey into the public cloud, you'll find an emerging trend of HTTP/S web-enabled terminals. What I mean to say is, remote access terminals like SSH and RDP are made available in a user-friendly browser after the user has already authenticated to the public cloud console in their browser. …

APPSEC – How to compromise Kubernetes – Full Red Team vs Blue Team demo

This is a walkthrough of the Microsoft MITRE ATT&CK matrix for Kubernetes that teaches the value of basic container security architecture requirements. If you're interested in higher-level architecture and strategy, check out my Study Guide. If you're interested in the attack surface and attack model at an enterprise level, then check out my Threat …

APPSEC – AWS Amplify+React XSS attacks against AWS localStorage vulnerabilities

About: Let's start off by saying that React and AWS Cognito are awesome, and so is the Serverless Framework. You should spend some time learning about them because some great innovation went into them. Unfortunately, developers are using the serverless.com development tutorial with AWS Amplify + Cognito + React.js and introducing a localStorage vulnerability which can be …