Abusing AI for Password Guessing and social engineering
While taking some time off, I wanted to dig into the world of AI as it relates to password-based attacks and password guessing. Breached password lists are the gold standard and password hash cracking has been around for decades, but I was more intrigued by whether a personal or free account user can prompt large …
Category: Uncategorized
CHANGE HEALTHCARE: ITS LITERALLY IN THE NAME
For cyber security folks, we're both horrified and laughing that a company named "Change Healthcare" that has stockpiles of marketing jargon for "Improving IT Security" also made the news for a cyber incident. As a cyber security professional by day and a partial owner and investor of a new medical business, this breach hits home …
IAM – Okta MFA + AD + OIDC & VAULT
This article covers the end-to-end tasks for deploying and enabling an Okta OIDC supported HashiCorp Vault integration backed with Microsoft Active Directory group memberships. This is quite a long and intensive blog post and isn't intended for the casual reader. If you want to know whether VAULT supports OIDC and OKTA verify number challenges then …
DEVSEC – protecting cicd with yubikey protected ssh keys
About three months ago, I was studying Yubikey for the use of signed git commits and signed merges. During this, I ended up doing a small PoC on loading my Git repo's SSH key into a secure hard-token instead of leaving it on my local desktop for malware to compromise. So I took some step-by-step …
DETECT/IR – automating aws guard-duty with terraform
It's been a long weekend and I haven't left this cushy gaming chair in 12 hours, 20 if you don't count leaving for sleep... So let's cut to the chase so I can go ride my bike and enjoy a beer ... Here's a quick weekend project which automates almost all of the AWS GuardDuty …
CLOUDSEC – Hey CLOUD PROVIDERS! FIX THIS insecure secrets mgmt trend
Intro
It feels like we're taking a huge step back in secrets management security. AWS, Azure, GCP all have the concept of "roles" and "permissions". As many of you already know, those roles and their permissions can be mapped to your servers, lambda functions and native cloud services. But what's the impact to the Application …
APPSEC – PWNKIT – CVE-2021-4034
INTRO
It's been a while since I've made time to write here. Was feeling bored today catching up on the latest buzz and discovered an extremely easy script kiddie exploit out in the wild called PWNKIT aka CVE-2021-4034 (Qualys Research Team). Shout out to them.
So What is it?
The PWNKIT vulnerability is based on polkit’s …
CLOUDSEC – Azure App Service – Cool feature or dangerous back channel ?
Azure app service is a quasi PaaS and IaaS type of solution. Most importantly, it can remove the idea of a DMZ and put the power of public internet access into the hands of developers, remove separation of duties and most interestingly create a back channel for malware command and control systems. Plus there are …
DEVSEC – Mitigating supply chain software attacks with Yubikey signed GIT commits (sort-of)
THE PROBLEM
This is #1 in a series to learn more about secure software CICD supply chains. This post and others will go beyond "Googling how to set it up" and instead focus on more nuanced security and operational issues. At the executive level, supply chain attacks like the SolarWinds incident recently saw attackers exploit known vulnerabilities …
GAMESEC – CD Projekt Red – Packet Analysis for Malware on Xbox one X
Disclaimer: All activity on this blog post is on my own personal time, on my own personal devices and of my own personal opinion and does not represent that of my employers.
About
It's no secret by now that the studio behind Cyberpunk 2077 fell victim to a targeted cyber attack. If you comb through the …