Learn Cloud Security
How to update AWS AMI permission from Public to Private
A cloud administrator can create an instance with all tools and software installed and then make an image out of it to be reused in the future. This image could contain proprietary data, code and other material that an attacker could abuse if they gain access to the AMI.
Allowing IAM users to access AWS EKS using kubectl
For any managed service on AWS, the more you rely on IAM for authentication and authorization, the more you reduce your attack surface. In this article, we will see how we can create users of various permission levels in an AWS EKS cluster and map the user to an AWS IAM user.
How to secure AWS S3 buckets with sensitive data
A lot of users, organizations and even nation states and governments utilize the versatility of Amazon’s S3 service. Any data that is stored on S3 needs to maintain the basic tenets of security, which include encryption of data at rest and in motion, authorization to access the data, and assurance that actions performed on the data are auditable. In this article, we will take a look at how we can use the features provided by S3 to ensure our data is secure on the cloud.
An introduction to Service Control Policies (SCPs) in AWS
This article gives an introduction to Service Control Policies (SCPs) in AWS.
Attacking Modern Environments Series: Attack Vectors on Terraform Environments
Terraform is a popular IaC orchestrator that is widely used for standardising and executing infrastructure deployments. Because it has privileges on the cloud platforms, Mazin Ahmed shares why it is important to understand which attack vectors exist, and what can be done about them.
Cloud Security Orienteering
A presentation on how one can quickly get familiar with new cloud environments and accelerate the process of identifying security issues and addressing them.
Scanning IPv6 with v6disc
`v6disc` is a shell script that was created to quickly and automatically discover IPv6 hosts with the option to ping or run nmap against discovered hosts.
Scanning IPv6 with Masscan
Masscan is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine. This is thanks to it being written in C, having its own ad-hoc TCP/IP stack and asynchronous transmission similar to port scanners like scanrand, unicornscan, and ZMap.
How to create a Virtual Machine on Google Cloud
Creating Virtual Machines on cloud platforms is one of the most common activities. This article is a quick guide for creating a Virtual Machine on Google Cloud.
Scanning IPv6 with RustScan
RustScan is a port scanning tool for scanning IPv6 networks. This article features a quick guide on setting up and using RustScan’s port scanning capabilities.
Identifying Toxic Combinations of Permissions in Your Cloud Infrastructure
Excessive permissions in cloud accounts can significantly increase the attack surface. It is important to understand what permissions are assigned to various users, groups, roles, service accounts versus what permissions they actually need.
Getting started with AWS ELB - Network Load Balancer
This article is a quick introduction to network load balancing and how to create a Network Load Balancer on AWS.