Captain

joined 2 years ago
[–] Captain@infosec.pub 2 points 2 years ago (1 children)

Well done, congratz!

[–] Captain@infosec.pub 1 points 2 years ago (1 children)

Awesome, congratulations!

I've heard good things about the AWS Security Specialty certificate too. I've done a course for it which was great, though I never bothered to take the certificate (I don't feel the need for it). Have you considered it?

 

This gives a great overview of when to build, buy, or adopt an open source solution for a few different common cloud security challenges.

The talk can be seen here: https://youtu.be/JCphc30kFSw?t=2140

[–] Captain@infosec.pub 1 points 2 years ago

Getting rid of long living access keys is such a win.

Adding an SCP to block creation is mentioned last in the blog post, but I'd say that's the first thing one should do. That way the problem won't grow as you remove the existing ones (which might take a lot of time).

Good blog post indeed! Not exactly groundbreaking, but considering how common the problem is I don't blame them for writing it.

 

Normally I wouldn't recommend a vendor-based podcast, but Wiz is doing really cool stuff in the cloud security space so I'm inclined to give them a chance!

 

Currently infosec.pub doesn't seem to have any favicon. This makes it harder to identify which tabs and similar. It would be nice if it could be added!

 

"This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system"

Official announcement from AWS: https://aws.amazon.com/blogs/security/removing-header-remapping-from-amazon-api-gateway-and-notes-about-our-work-with-security-researchers/

[–] Captain@infosec.pub 3 points 2 years ago (1 children)

They say it's a cloud breach but I didn't see what kind of cloud breach. Did I just miss it or was it not mentioned?

 

fwd:cloudsec is by far my favorite cloud security conference. Day one has already passed (sessions are recorded) and day 2 is about to start.

See schedule at: https://fwdcloudsec.org/schedule.html

 

Hi!

I'm trying to get a better understanding of the longer-term reliability of this instance. Is there any kind of about page or similar where I can read up on how it's set up, financed, managed etc?