In order to profit effectively from a ransomware attack, a threat actor needs to have something to offer in return for payment. This blog post outlines a process to encrypt AWS resources and then revoke access to the secret material until the ransom is paid.
Apparently, this post caused some consternation at AWS, and perhaps this technique is too effective to publish here. So, the original post has been revised to remove the actual scripts, include some mitigations, and provide commentary on how both Public Cloud (AWS Included) and Generative AI are dangerous tools in the hands of the general public and need more regulation.
I feel like the phrase “disruptor” is an overused, Valley-Bro trope. However I can’t think of a better phrase to describe Tailscale, and what it will do to the enterprise firewall and VPN market for the security 99%.
My latest post at Steampipe.io is Enrich Splunk events with Steampipe . This was a fun one to write because it was a culmination on my recent IR work at BSides Atlanta and BSides Augusta.
I’ve written some crazy contraptions to get this stuff into Splunk, and I’ve got to say, Steampipe made it super easy.
I got a bug to tell everyone about the sessions I’m looking forward to at re:Invent this year. Check it out.
I found myself taking a new job this fall. One surprising aspect of that job was they had scheduled a company all-hands in Kuala Lumpur (KL) in mid-September. So after our family trip to Amsterdam, Finland, Sweden, and Estonia, I now had a trip to South East Asia on my calendar.
This post is mainly intended as random travel advice for visiting Malaysia, flying SkyTeam, dealing with internet access, etc. There will be minimal if any, cloud security content.
At BSides Atlanta today I gave a talk on how to handle an incident in AWS. The talk and this post is intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane. You can find the Slides here.
This is part two of Baltic Adventures. Part One captured the chaos of post-pandemic travel and our bonus tour of Amsterdam. This post will cover our 4 days in Finland.
This will be the first in a series of travel-related posts. I found a distinct lack of information on the internet about some specific logistical things around international travel. I hope these posts are useful to whoever finds them via some Google-fu.
This summer, myself, my wife, and the 10-year-old are on a three-country, four-city tour of the Baltics. We picked this itinerary because 1) we found a good price on Delta One, and 2) at the time we booked it, we wanted to visit some countries that geopolitical affairs might make impossible in the future. So we’re going to Finland, Sweden, and Estonia!
A cheerful ghost of cloud security yet to come. I’ll talk about where CloudSec really needs to focus - on the pipeline and ultimately on the cloud developer or engineer. Finally, I’ll close out with a one-year roadmap for how I’d build a third (fourth) program if I’m crazy enough to do this again at my next job.
Following up on the Tar-Pit of CSPM, I feel the need to offer something more constructive for CloudSecurity practitioners to do. Cloud Security Posture Monitoring is “here’s a spreadsheet of issues, go fix them”. There are other ways, but none of them are a panacea.
