This article covers the end-to-end tasks for deploying and enabling an Okta OIDC-supported HashiCorp Vault integration backed by Microsoft Active Directory group memberships. This is quite a long and intensive blog post and isn't intended for the casual reader. If you want to know whether VAULT supports OIDC and OKTA Verify number challenges, then … Continue reading IAM – Okta MFA + AD + OIDC & VAULT
Author: @s3cs&man
DEVSEC – protecting cicd with yubikey protected ssh keys
About three months ago, I was studying Yubikey for the use of signed git commits and signed merges. During this, I ended up doing a small PoC on loading my Git repo's SSH key into a secure hard-token instead of leaving it on my local desktop for malware to compromise. So I took some step-by-step … Continue reading DEVSEC – protecting cicd with yubikey protected ssh keys
DETECT/IR – automating aws guard-duty with terraform
It's been a long weekend and I haven't left this cushy gaming chair in 12 hours, 20 if you don't count leaving for sleep... So let's cut to the chase so I can go ride my bike and enjoy a beer ... Here's a quick weekend project which automates almost all of the AWS GuardDuty … Continue reading DETECT/IR – automating aws guard-duty with terraform
CLOUDSEC – Hey CLOUD PROVIDERS! FIX THIS insecure secrets mgmt trend
Intro: It feels like we're taking a huge step back in secrets management security. AWS, Azure and GCP all have the concept of "roles" and "permissions". As many of you already know, those roles and their permissions can be mapped to your servers, lambda functions and native cloud services. But what's the impact to the Application … Continue reading CLOUDSEC – Hey CLOUD PROVIDERS! FIX THIS insecure secrets mgmt trend
APPSEC – PWNKIT – CVE-2021-4034
INTRO: It's been a while since I've made time to write here. Was feeling bored today catching up on the latest buzz and discovered an extremely easy script-kiddie exploit out in the wild called PWNKIT, aka CVE-2021-4034, from the Qualys Research Team. Shout out to them. So what is it? The PWNKIT vulnerability is based on polkit's … Continue reading APPSEC – PWNKIT – CVE-2021-4034
CLOUDSEC – Azure App Service – Cool feature or dangerous back channel ?
Azure App Service is a quasi-PaaS/IaaS type of solution. Most importantly, it can remove the idea of a DMZ and put the power of public internet access into the hands of developers, remove separation of duties and, most interestingly, create a back channel for malware command and control systems. Plus there are … Continue reading CLOUDSEC – Azure App Service – Cool feature or dangerous back channel ?
DEVSEC – Mitigating supply chain software attacks with Yubikey signed GIT commits (sort-of)
THE PROBLEM: This is #1 in a series to learn more about secure software CICD supply chains. This post and others will go beyond "Googling how to set it up" and instead focus on more nuanced security and operational issues. At the executive level, supply chain attacks like the SolarWinds incident recently saw attackers exploit known vulnerabilities … Continue reading DEVSEC – Mitigating supply chain software attacks with Yubikey signed GIT commits (sort-of)
GAMESEC – CD Projekt Red – Packet Analysis for Malware on Xbox one X
Disclaimer: All activity in this blog post is on my own personal time, on my own personal devices and of my own personal opinion, and does not represent that of my employers. About: It's no secret by now that the studio behind Cyberpunk 2077 fell victim to a targeted cyber attack. If you comb through the … Continue reading GAMESEC – CD Projekt Red – Packet Analysis for Malware on Xbox one X
CLOUDSEC – Retroactively Tag Assets – Lambda Scripts
Some old PoC content that I lost when porting over my old domain to the new one. Nowadays there are many ways to enforce tags across the Cloud providers; since I wrote this code, the cloud providers have come up with additional policy frameworks that can be applied at top-level objects and recursively tag … Continue reading CLOUDSEC – Retroactively Tag Assets – Lambda Scripts
NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas
This is a PoC I did a while back and I lost the original content when porting over to my new domain. Essentially this is PoC code that can be modified to detect the source, destination and port/protocol network communication between boundaries within your cloud VPC for "weird" or "unusual" traffic. https://github.com/secSandman/lambda_netflows/blob/master/lambda-netflow-data-loss.js For example, you … Continue reading NETSEC – Detecting unusual traffic in the Cloud using Flowlogs/Lambdas