Not long ago, I was reading a debate on a Linkedin.com forum discussing all kinds of edge cases that some participants were arguing needed to be considered in a security policy regarding some particular aspect of security. In fact, I forget what the issue was, but it was clear that… Continue reading
Search this site
Check out my other project…
- Create an EC2 that runs Chrome for sandboxed websurfing
- Check Multiple AWS S3 Buckets for Missing Default Encryption
- The Equifax Data Breach and the Apache Struts Vulnerability
- Test Early, Test Often
- Linux Hardening
- Information Security at Startup Companies
- Timestamp bash_history with every command
- Has SHA-1 been hacked?
We spotted a new #AWS coin mining attack this weekend. Here's some of the interesting observations 🔎🔎🔎
📍Attacker had root access
📍Spun up 10 c5.4xlarge EC2s
📍Brought their own SSH keys 👀
📍Bot framework written in Golang
More tidbits 👇
The AWS Security Incident Guide came out last month and is chock-full of guidance, much of which is covered in @SANSCloudSec #SEC545 but with a deep AWS-specific twist. A definite must-read. https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf
🌤️☁️ Subscribe to the new Cloud Security channel for great content from @KyleHaxWhy @emjohn20 @mosesrenegade @KennethGHartman and other SANS instructors and authors!
The Verge: Microsoft’s new Windows File Recovery tool lets you retrieve deleted documents.