Security

Since my last post, on how to deal with information Overload and reading pipeline, I’ve created a free digest newsletter about AWS Security. The goal of this curated AWS Security Digest is to condensate what was happening from last week on the most relevant sources: 🔦 A Highlight of the week 👮 Change since last week on AWS Managed IAM Policies 💌 Curated Cloud Security Newsletters 👀 AWS API changes 🔒 IAM Permissions changes 🆙 Most upvoted posts on r/AWS 🔗 Top shared links on Twitter (by cloudsec folks) 🐦 Most engaged Tweets from the community This is an ongoing side project, so more content will be added over time. ...

TL;DR I’m now using PGP for archive file encryption. The trigger This summer, I read Permanent Record from Edward Snowden, “Ed” for those in the know. I was pretty impressed at how a government organization with billions of dollars budget can organize a mass surveillance program at a worldwide scale in only a few decades. “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.” ...

This Article was created posted in September 2019. Updated in February 2020. Disclaimer Thanks to @0xdabbad00 from SummitRoute for the original idea and jq parsing. Purpose When your production workloads rely on AWS IAM Managed Policies (don’t do this), you will need to be notified when changes occur behind the scene. It’s also interesting to monitor new AWS services releases prior announcements to get spoiled. This pet project automates the retrieval (every 4 hours) of new AWS Managed IAM Policies to make it easier to monitor and get alerted when changes occur (by AWS) using “Watch” feature from Github, RSS or dedicated Twitter Account. ...

In my day-to-day job, I was wasting my time to keep reinstall, and deal with dependencies of all my favorite tools for AWS Security Audits and Assessments. So, lately, I’ve decided to start another pet project trying to solve this issue and provide a simple Docker container that contains all security-related tooling for your AWS Assessments. I’ve decided to open-source it, after some discussion with my peers, they were interested in this kind of stuff to avoid wasting hours to install a myriad of Apps and Python dependencies on their own laptop or customer machine. ...

re:Inforce 2019 Il s’agit de la première édition de cette conférence AWS dédiée à la sécurité de ce Cloud Service Provider (CSP). AWS est actuellement en train de proposer de nouveaux événements et summits sur des sujets spécifiques, en plus de l’événement annuel, le re:Invent. Cette conférence aura lieu chaque année dans une ville différente des États-Unis, il est question de Houston pour l’année prochaine. https://reinforce.awsevents.com/ J’ai eu l’occasion de participer au re:Cap du re:Inforce proposé par AWS France, voici en synthèse, les éléments à ne pas manquer. ...