A hands-on introduction and walkthrough of GCP Goat - an intentionally vulnerable GCP environment to help understand common misconfigurations in Google Cloud and how attackers can take advantage of it.
A list of top 10 security best practices created based on our experience as attackers and defenders that can be employed to dramatically enhance the security of AWS S3 service.
A step-by-step guide on how to identify Log4j vulnerabilities on Windows machines using log4jscanwin
This post covers an introduction and instructions to set up the Inspec tool for learning.
Last week a vulnerability affecting the most common logging packages in Java, Log4j, was made public, complete with exploit code. The vulnerability is rated with a critical severity rating of 10. Successful exploitation allows for a very uncomplicated remote command execution without requiring any authentication over the Internet resulting in a complete compromise of data and system confidentiality, integrity and availability. This blogpost explains the detection methods, exploitation techniques and mitigation instructions of the vulnerability.
An AWS ELB with HTTP Desync mitigation mode set to **monitor** could allow a class of HTTP desynchronization attacks against the web server behind the Load Balancer. This article provides a step by step guide on how you can check and update the HTTP Desync mitigation mode for your ELB to a more secure option using AWS CLI.
