Step-by-step guides about
Cloud Security

A repository should not be made public unless it is intended to be so. This article provides quick steps to change the visibility of a public repository to private in GitHub.

Once configured to work with DigitalOcean, Steampipe pulls metadata about resources running in the cloud which we can then query using SQL queries.

Steampipe is a tool that allows for data collection from various cloud providers and exposing them as APIs via a high-performance relational database, giving you the ability to write SQL-based queries to explore data.

This document takes you through the steps required to run a local GitHub runner and use that to scan GitHub repositories for secrets using TruffleHog.

Having IMDSv1 enabled on your instances allows attackers to use vulnerabilities like SSRF to gain access to sensitive information of your instances. In this article we will walk through the steps to update an EC2 instance from IMDSv1 to IMDSv2 using AWS CLI.

Having an access key for the Root user poses the risk of being misused or stolen, since this user has unrestricted access in the account. If your Root user also has access keys that you would like to remove, here is a step-by-step guide to do so.