From a compliance perspective, organizations need a hardening standard derived from an authoritative source, with solid engineering-based reasons for any departure from its recommendations. Most organizations use the Center for Internet Security (CIS) Hardening Benchmarks because that choice is easy to defend. The CIS benchmarks…
Check out my other project…
- Create an EC2 that runs Chrome for sandboxed websurfing
- Check Multiple AWS S3 Buckets for Missing Default Encryption
- The Equifax Data Breach and the Apache Struts Vulnerability
- Test Early, Test Often
- Linux Hardening
- Information Security at Startup Companies
- Timestamp bash_history with every command
Why didn't someone think of this before? --> Chrome Limits Websites' Access to Private Networks for Security Reasons https://thehackernews.com/2022/01/chrome-limits-websites-access-to.html
My long-awaited, updated complimentary Mini Course on Infosec Consulting is now ready - it's been 2 years since I updated and ran this free mini course. I answer the most common questions like "How to get clients" and "How to set pricing" and more.
Just finished another amazing week of SEC510 at SANS Cyber Security East: Dec 2021 and am proud to announce our CloudWars CTF winners: Stephen Bernard (1st place); Mathew Dilmaghani (2nd place); and Benjamin Fielden & Kyle Weeks (Tied for 3rd). Congrats gents!!