Articles

DEVSEC – Mitigating supply chain software attacks with YubiKey signed Git commits (sort-of)

THE PROBLEM This is #1 in a series to learn more about secure software CI/CD supply chains. This post and the others will go beyond “Googling how to set it up” and instead focus on the more nuanced security and operational issues. At the executive level, supply chain attacks like the SolarWinds incident recently saw attackers exploit known vulnerabilities … Continue reading DEVSEC – Mitigating supply chain software attacks with YubiKey signed Git commits (sort-of)

NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas

This is a PoC I did a while back, and I lost the original content when porting over to my new domain. Essentially this is PoC code that can be modified to detect the source, destination and port/protocol of network communication between boundaries within your cloud VPC and flag “weird” or “unusual” traffic. https://github.com/secSandman/lambda_netflows/blob/master/lambda-netflow-data-loss.js For example, you … Continue reading NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas
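The detection idea above, as an added example that is not the repository's lambda-netflow-data-loss.js: parse default-format (version 2) VPC Flow Log records, map each source and destination address to a zone, and flag any boundary crossing that an allowlist of expected protocol/port pairs does not cover. The zone CIDRs, the allowlist and the sample records are constructed for the example. Because flow logs record each direction of a connection as a separate record, the reply half of an allowed connection (for example db -> app with srcport 5432) is checked against the reverse rule so it is not reported as a false positive.

```javascript
// Added example, not the page's lambda-netflow-data-loss.js: parse default-format
// VPC Flow Log records and flag flows that cross a zone boundary the allowlist
// does not permit. Zone CIDRs, allowlist and sample records are constructed.

// Field order of the default (version 2) VPC Flow Log format.
const FIELDS = ['version', 'accountId', 'interfaceId', 'srcaddr', 'dstaddr',
  'srcport', 'dstport', 'protocol', 'packets', 'bytes', 'start', 'end',
  'action', 'logStatus'];

function parseFlowLogLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length !== FIELDS.length) return null;          // malformed or custom format
  const rec = {};
  FIELDS.forEach((name, i) => { rec[name] = parts[i]; });
  if (rec.logStatus !== 'OK') return rec;                   // NODATA/SKIPDATA rows carry '-' fields
  for (const name of ['srcport', 'dstport', 'protocol', 'packets', 'bytes', 'start', 'end']) {
    rec[name] = Number(rec[name]);
  }
  return rec;
}

// IPv4 helpers: dotted quad -> unsigned 32-bit int, and CIDR membership.
function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => ((acc << 8) + Number(octet)) >>> 0, 0);
}
function inCidr(ip, cidr) {
  const [net, bits] = cidr.split('/');
  const mask = Number(bits) === 0 ? 0 : (0xffffffff << (32 - Number(bits))) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
}

// Constructed zone layout (assumption: three subnets in one VPC; anything else is external).
const ZONES = { web: '10.0.1.0/24', app: '10.0.2.0/24', db: '10.0.3.0/24' };
function zoneOf(ip) {
  for (const [name, cidr] of Object.entries(ZONES)) if (inCidr(ip, cidr)) return name;
  return 'external';
}

// Constructed allowlist of boundary crossings: "src->dst" -> allowed "protocol/dstport".
// Protocol numbers as they appear in flow logs: 6 = TCP, 17 = UDP.
const ALLOWED = {
  'external->web': new Set(['6/443']),
  'web->app': new Set(['6/8080']),
  'app->db': new Set(['6/5432']),
};
function crossingAllowed(src, dst, protocol, port) {
  const rules = ALLOWED[`${src}->${dst}`];
  return Boolean(rules && rules.has(`${protocol}/${port}`));
}

// Classify one parsed record. Each direction is logged separately, so a db->app
// record with srcport 5432 is the reply to an allowed app->db connection; check
// the reverse rule against srcport before calling a flow unusual.
function classifyFlow(rec) {
  const src = zoneOf(rec.srcaddr);
  const dst = zoneOf(rec.dstaddr);
  if (src === dst) return 'intra-zone';
  if (crossingAllowed(src, dst, rec.protocol, rec.dstport)) return 'expected';
  if (crossingAllowed(dst, src, rec.protocol, rec.srcport)) return 'expected-reply';
  return 'unusual';
}

// Run the detector over raw log lines; return only the findings worth alerting on.
function detectUnusual(lines) {
  const findings = [];
  for (const line of lines) {
    const rec = parseFlowLogLine(line);
    if (!rec || rec.logStatus !== 'OK') continue;
    if (classifyFlow(rec) !== 'unusual') continue;
    findings.push({
      eni: rec.interfaceId,
      flow: `${zoneOf(rec.srcaddr)}->${zoneOf(rec.dstaddr)}`,
      detail: `${rec.srcaddr}:${rec.srcport} -> ${rec.dstaddr}:${rec.dstport} proto ${rec.protocol} ${rec.action}`,
    });
  }
  return findings;
}

// Constructed sample records (version account-id interface-id srcaddr dstaddr
// srcport dstport protocol packets bytes start end action log-status).
const SAMPLE_LINES = [
  '2 123456789012 eni-0a1b2c3d4e5f60001 203.0.113.5 10.0.1.10 51000 443 6 12 3400 1600000000 1600000060 ACCEPT OK',
  '2 123456789012 eni-0a1b2c3d4e5f60002 10.0.1.10 10.0.2.20 48000 8080 6 8 1200 1600000000 1600000060 ACCEPT OK',
  '2 123456789012 eni-0a1b2c3d4e5f60003 10.0.3.30 10.0.2.20 5432 40512 6 15 9800 1600000000 1600000060 ACCEPT OK',
  '2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.10 10.0.3.30 48100 5432 6 6 900 1600000000 1600000060 ACCEPT OK',
  '2 123456789012 eni-0a1b2c3d4e5f60002 10.0.2.20 198.51.100.7 52000 4444 6 40 20000 1600000000 1600000060 ACCEPT OK',
  '2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.10 10.0.1.11 49000 22 6 3 300 1600000000 1600000060 ACCEPT OK',
  '2 123456789012 eni-0a1b2c3d4e5f60003 - - - - - - - 1600000000 1600000060 - NODATA',
];

console.log(detectUnusual(SAMPLE_LINES));
```

Run with `node` and the two findings are the web tier talking straight to the database (web->db on 5432, bypassing the app tier) and the app tier egressing to an external host on port 4444; the allowed crossings, the reply direction, intra-zone chatter and the NODATA row are all dropped. In a Lambda the same functions would be applied to each record delivered from the flow-log CloudWatch subscription or S3 object, and the zone map would come from the VPC's real subnet CIDRs.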

OFFSEC – Pen-testing Azure Firewall IDPS & Threat Intel features (Azure Lab 2)

Setting Off Alarms Have you ever seen an “alarm will sound” sign, thought to yourself, “I feel like gambling today,” and pushed the door open only to find that nothing happens and the sign was put there as a deterrent? Or maybe they pulled the wires to it because they were sick of people … Continue reading OFFSEC – Pen-testing Azure Firewall IDPS & Threat Intel features (Azure Lab 2)

CLOUDSEC – Securing Cloud Networks with Hub-N-Spoke and Azure Firewall (Azure Lab 1)

This lab builds a foundation Azure virtual network to later test the Microsoft suite of security products in Azure. With the code examples and a few manual changes you can deploy one hub, four spokes with an advanced firewall appliance, jump hosts and an IPsec tunnel, all within an hour, using Azure ARM automation. Although Microsoft has … Continue reading CLOUDSEC – Securing Cloud Networks with Hub-N-Spoke and Azure Firewall (Azure Lab 1)

CLOUDSEC – Public Cloud Web Shells …. a serious malware and DLP issue

As you make your journey into the public cloud, you’ll find an emerging trend of HTTPS web-enabled terminals. What I mean to say is, remote access terminals like SSH and RDP are made available in a user-friendly browser tab after the user has already authenticated to the public cloud console in their browser. … Continue reading CLOUDSEC – Public Cloud Web Shells …. a serious malware and DLP issue

APPSEC – How to compromise Kubernetes – Full Red Team vs Blue Team demo

This is a walkthrough of the Microsoft MITRE ATT&CK-style threat matrix for Kubernetes that teaches the value of basic container security architecture requirements. If you’re interested in higher level Architecture and Strategy, check out my Study Guide. If you’re interested in the attack surface and attack model at an enterprise level, then check out my Threat … Continue reading APPSEC – How to compromise Kubernetes – Full Red Team vs Blue Team demo

APPSEC – AWS Amplify+React XSS attacks against AWS localStorage vulnerabilities

About Let’s start off by saying that React and AWS Cognito are awesome, and so is the Serverless framework. You should spend some time learning about them because some great innovation went into them. Unfortunately, developers are following the serverless.com development tutorial using AWS Amplify + Cognito + React.js and introducing a localStorage vulnerability which can be … Continue reading APPSEC – AWS Amplify+React XSS attacks against AWS localStorage vulnerabilities

DETECT – Detecting IOCs on Kubernetes for fun and profit

https://github.com/falcosecurity/falco
https://github.com/falcosecurity/falcosidekick
https://falco.org/blog/extend-falco-outputs-with-falcosidekick/
executive summary Falco and Falcosidekick are open source tools which act as sensors to monitor for indicators of compromise on your Kubernetes platform. Falco is officially a project of the Cloud Native Computing Foundation (CNCF). If you’re looking for a low-cost yet effective way to put sensors on your Kubernetes environment, then … Continue reading DETECT – Detecting IOCs on Kubernetes for fun and profit
