From a compliance perspective, organizations need a hardening standard derived from an authoritative source, with solid engineering-based reasons for any departure from its recommendations. Most organizations use the Center for Internet Security (CIS) Hardening Benchmarks because that choice is easy to defend. The CIS benchmarks…
- Create an EC2 that runs Chrome for sandboxed websurfing
- Check Multiple AWS S3 Buckets for Missing Default Encryption
- The Equifax Data Breach and the Apache Struts Vulnerability
- Test Early, Test Often
- Linux Hardening
- Information Security at Startup Companies
- Timestamp bash_history with every command
- Has SHA-1 been hacked?
AWS, Azure, GCP, IBM Cloud, Oracle, and Alibaba Cloud ==> https://t.co/Xzs7tnAr0B #SEC545
If you’re constantly pushing yourself to work harder and faster, you’ll probably end up burning out. And burnout is never worth it.
You’ll be better off in the long run if you slow down and re-charge once in a while.
The 🌏 will never run out of big problems for you to work on.
I have flown about 10 times since buying @Clear and it has yet to properly identify me, no matter which biometrics used. They re-enroll me every 3rd time. Anyone else?
New blog post! AWS IAM Privilege Escalation with an Undocumented CodeStar API
What I expect to find when an org says "please evaluate our containerized microservices deployed across a hybrid infrastructure in a multi-cloud environment..."