Step-by-step guides about
Cloud Security

A quick technical analysis of the AWS CloudShell service that provides a pre-configured shell on the cloud with access to your AWS account.

A walkthrough of the slides presented during the fwdcloudsec 2021 conference with details of findings and observations across different resources within the IBM cloud platform.

On AWS, Lambda Authorizers are frequently used with API Gateway, however, one must be careful when working with the policy documents for Lambda Authorizers. This tech talk by Alexandre & Leonardo takes you through interesting examples to showcase the attack vectors for APIs using the AWS API Gateway Lambda Authorizers.

An authentication bypass within Apache Airflow allowed an attacker to login as any user in the Airflow system. Post exploitation within the app, led to a full cloud account compromise on AWS.

An insightful presentation by Kavisha Seth on understanding and identifying different attack vectors on AWS and learning about various security controls that can be implemented.

EBS, S3, and EFS are three popular storage services provided by AWS. In this article, we take a look at each of these services and their use cases.