Some old PoC content that I lost when porting my old domain over to the new one. Nowadays there are many ways to enforce tags across the cloud providers; since I wrote this code, the cloud providers have come up with additional policy frameworks that can be applied at top-level objects and recursively tags … Continue reading CLOUDSEC – Retroactively Tag Assets – Lambda Scripts
Category: Uncategorized
NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas
This is a PoC I did a while back and I lost the original content when porting over to my new domain. Essentially this is PoC code that can be modified to detect the source, destination and port/protocol of network communication between boundaries within your cloud VPC, looking for "weird" or "unusual" traffic. https://github.com/secSandman/lambda_netflows/blob/master/lambda-netflow-data-loss.js For example, you … Continue reading NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas
OFFSEC – Pen-testing Azure Firewall IDPS & Threat Intel features (Azure Lab 2)
Setting Off Alarms. Have you ever seen an "alarm will sound" sign, thought to yourself, "I feel like gambling today", and pushed the door open just to find that nothing happens and the sign was put there as a deterrent? Or maybe they pulled the wires to it because they were sick of people … Continue reading OFFSEC – Pen-testing Azure Firewall IDPS & Threat Intel features (Azure Lab 2)
CLOUDSEC – Securing Cloud Networks with Hub-N-Spoke and Azure Firewall (Azure Lab 1)
This lab builds a foundational Azure virtual network to later test the Microsoft suite of security products in Azure. With the code examples and a few manual changes you can deploy one hub, four spokes with an advanced firewall appliance, jump hosts and an IPsec tunnel, all within an hour using Azure ARM automation. Although Microsoft has … Continue reading CLOUDSEC – Securing Cloud Networks with Hub-N-Spoke and Azure Firewall (Azure Lab 1)
CLOUDSEC – Public Cloud Web Shells …. a serious malware and DLP issue
As you make your journey into the public cloud, you'll find an emerging trend of HTTP(S) web-enabled terminals. What I mean is that remote access terminals like SSH and RDP are made available in a user-friendly browser tab after the user has already authenticated to the public cloud console in their browser. … Continue reading CLOUDSEC – Public Cloud Web Shells …. a serious malware and DLP issue
APPSEC – How to compromise Kubernetes – Full Red Team vs Blue Team demo
This is a walkthrough of the Microsoft MITRE ATT&CK matrix for Kubernetes that teaches the value of basic container security architecture requirements. If you're interested in higher-level architecture and strategy, check out my Study Guide. If you're interested in the attack surface and attack model at an enterprise level, then check out my Threat … Continue reading APPSEC – How to compromise Kubernetes – Full Red Team vs Blue Team demo
APPSEC – AWS Amplify+React XSS attacks against AWS localStorage vulnerabilities
About. Let's start off by saying that React and AWS Cognito are awesome, and so is the Serverless Framework. You should spend some time learning about them because some great innovation went into them. Unfortunately, developers are following the serverless.com development tutorial using AWS Amplify + Cognito + React.js and introducing a localStorage vulnerability which can be … Continue reading APPSEC – AWS Amplify+React XSS attacks against AWS localStorage vulnerabilities
DETECT – Detecting IOCs on Kubernetes for fun and profit
https://github.com/falcosecurity/falco https://github.com/falcosecurity/falcosidekick https://falco.org/blog/extend-falco-outputs-with-falcosidekick/ Executive summary: Falco and Falcosidekick are open source tools which act as sensors to monitor for indicators of compromise on your Kubernetes platform. The tools are officially part of the Cloud Native Computing Foundation (CNCF). If you're looking for a low-cost yet effective way to put sensors on your Kubernetes environment, then … Continue reading DETECT – Detecting IOCs on Kubernetes for fun and profit
OFFSEC – Writing Buffer Overflows and Reverse Engineering compiled binaries
https://www.exploit-db.com/docs/47032 This tutorial started as a simple attempt to take notes and follow my curiosity on C programming, Assembly and Buffer Overflows work. Don’t take anything here as gospel because the content was written by a high-school drop-out without any formal computer science background. If you find something wildly wrong then let me know. From … Continue reading OFFSEC – Writing Buffer Overflows and Reverse Engineering compiled binaries
PROTECT – Why & How to build Client-Side Encryption in React.Js and beyond
What we're building: client-side encrypted content with React.js and SJCL.js. Problem Space: Gmail, Facebook, Instagram, Dropbox... you name it... they typically store your data "unencrypted" or with limited encryption where they control the keys. This means all your emails, pictures, messages and files are sitting on someone else's computer for them to see. … Continue reading PROTECT – Why & How to build Client-Side Encryption in React.Js and beyond