


Latest from SECSANDMAN
IAM – Okta MFA + AD + OIDC & VAULT
This article covers the end-to-end tasks for deploying and enabling an Okta OIDC-supported HashiCorp Vault integration backed by Microsoft Active Directory group memberships. This is quite a long and intensive blog post and isn’t intended for the casual reader. If you want to know whether Vault supports OIDC and Okta Verify number challenges then…
DEVSEC – protecting cicd with yubikey protected ssh keys
About three months ago, I was studying YubiKey for the use of signed Git commits and signed merges. During this, I ended up doing a small PoC on loading my Git repo’s SSH key into a secure hard-token instead of leaving it on my local desktop for malware to compromise. So I took some step-by-step…
DETECT/IR – automating aws guard-duty with terraform
It’s been a long weekend and I haven’t left this cushy gaming chair in 12 hours, 20 if you don’t count leaving for sleep… So let’s cut to the chase so I can go ride my bike and enjoy a beer … Here’s a quick weekend project which automates almost all of the AWS GuardDuty…