Category: academy

How to find vulnerable log4j instances across your AWS EC2 instances

A guide to help you discover vulnerable Log4j packages across multiple Linux machines using scripting and the AWS SSM to run commands remotely.
Dec 3, 2021 ~ 7 min read
aws
cloudsecurity
log4j
ec2instances
Authentication Bypass in Apache Airflow - CVE-2020-17526 and AWS Cloud Platform compromise

An authentication bypass within Apache Airflow allowed an attacker to login as any user in the Airflow system. Post exploitation within the app, led to a full cloud account compromise on AWS.
Jun 22, 2021 ~ 7 min read
mitreatta&ck
cloudsecurity
kubernetes
IAM Bad: Privilege Escalation using Misconfigured Policies in AWS IAM (Webinar)

A walkthrough of the slides covered as part of our Star Wars Day special webinar on IAM policy misconfigurations that can lead to privilege escalations and a takeover of the target AWS account.
May 6, 2021 ~ 14 min read
aws
cloudsecurity
iam
Rogue One: A Certified Kubernetes Administrator (CKA) Exam Story

My journey and experience with how I approached the CKA exam, failed it, learnt from my failure and passed it in my second attempt. Tips and Tricks included!
Mar 3, 2021 ~ 15 min read
kubernetes
cka
Part 9 - Mapping the MITRE ATT&CK framework to your Kubernetes cluster: Impact on the Cluster

This is the ninth and the last part of a series on the MITRE ATT&CK framework for Kubernetes, covering the Impact tactic with examples.
Feb 26, 2021 ~ 4 min read
mitreatta&ck
cloudsecurity
kubernetes
Part 8 - Mapping the MITRE ATT&CK framework to your Kubernetes cluster: Lateral Movement

This is the eighth part of a nine part series on the MITRE ATT&CK framework for Kubernetes, covering the Lateral Movement tactic with examples.
Feb 22, 2021 ~ 6 min read
mitreatta&ck
cloudsecurity
kubernetes

Newer posts

Older posts