Use AWS Config To Hunt Public S3 Buckets

This post covers using AWS Config as a starting point to find public S3 buckets in your organization.
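As an added illustration of the hunt (example code written for this listing, not code from the post itself): the function below evaluates AWS Config configuration items for AWS::S3::Bucket and flags buckets whose ACL grants access to AllUsers/AuthenticatedUsers or whose bucket policy allows Principal "*" without a Condition, unless all four bucket-level Block Public Access settings are on. The configuration items are constructed sample data; the field layout (supplementaryConfiguration values stored as JSON strings, the grantSet/policyText shape) follows the AWS::S3::Bucket schema as I recall it and is an assumption to check against your own `aws configservice get-resource-config-history` output. Account-level Block Public Access is not visible in the item and must be checked separately.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}
PAB_KEYS = ("blockPublicAcls", "ignorePublicAcls", "blockPublicPolicy", "restrictPublicBuckets")


def _pab(*, on):
    return json.dumps({k: on for k in PAB_KEYS})


def _acl(*grants):
    # Owner always holds FullControl; extra grants are (uri, permission) pairs.
    grant_set = [{"grantee": {"id": "owner-id", "displayName": "owner"}, "permission": "FullControl"}]
    grant_set += [{"grantee": {"uri": uri}, "permission": perm} for uri, perm in grants]
    return json.dumps({"owner": {"id": "owner-id"}, "grantSet": grant_set})


def _policy(statements):
    # Assumed shape: BucketPolicy -> {"policyText": "<policy JSON as a string>"}
    text = json.dumps({"Version": "2012-10-17", "Statement": statements}) if statements else None
    return json.dumps({"policyText": text})


def _item(name, pab_on, acl, statements=None):
    return {
        "resourceType": "AWS::S3::Bucket",
        "resourceId": name,
        "supplementaryConfiguration": {
            "PublicAccessBlockConfiguration": _pab(on=pab_on),
            "AccessControlList": acl,
            "BucketPolicy": _policy(statements),
        },
    }


# Constructed sample configuration items (not real output).
SAMPLE_ITEMS = [
    _item("marketing-assets-public", False, _acl((ALL_USERS, "Read"))),
    _item("data-lake-raw", False, _acl(), [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::data-lake-raw/*"}]),
    _item("logs-locked", True, _acl((ALL_USERS, "Read"))),  # public ACL, but BPA blocks it
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0123456789abcdef0"},
]


def _supp(item, key):
    """supplementaryConfiguration values are JSON strings; decode one (or None)."""
    raw = item.get("supplementaryConfiguration", {}).get(key)
    if raw is None:
        return None
    return json.loads(raw) if isinstance(raw, str) else raw


def public_acl_grants(item):
    """(grantee_uri, permission) pairs handed to AllUsers or AuthenticatedUsers."""
    acl = _supp(item, "AccessControlList") or {}
    return [(g["grantee"]["uri"], g["permission"])
            for g in acl.get("grantSet", [])
            if g.get("grantee", {}).get("uri") in PUBLIC_GROUPS]


def _principal_is_wildcard(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(item):
    """Sids (or indices) of Allow statements open to any principal with no Condition."""
    text = (_supp(item, "BucketPolicy") or {}).get("policyText")
    if not text:
        return []
    stmts = json.loads(text).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", str(i)) for i, s in enumerate(stmts)
            if s.get("Effect") == "Allow"
            and _principal_is_wildcard(s.get("Principal"))
            and not s.get("Condition")]


def public_access_block_enforced(item):
    """True only when all four bucket-level Block Public Access settings are on."""
    pab = _supp(item, "PublicAccessBlockConfiguration") or {}
    return all(pab.get(k) is True for k in PAB_KEYS)


def assess_bucket(item):
    """Reasons the bucket is reachable by the public; an empty list means it is not."""
    if public_access_block_enforced(item):
        return []  # bucket-level BPA overrides both public ACLs and public policies
    reasons = [f"ACL grants {perm} to {uri.rsplit('/', 1)[-1]}" for uri, perm in public_acl_grants(item)]
    reasons += [f"bucket policy statement {sid!r} allows Principal *" for sid in public_policy_statements(item)]
    return reasons


def find_public_buckets(items):
    """Map bucket name -> reasons for every S3 configuration item that looks public."""
    findings = {}
    for item in items:
        if item.get("resourceType") != "AWS::S3::Bucket":
            continue
        reasons = assess_bucket(item)
        if reasons:
            findings[item["resourceId"]] = reasons
    return findings


if __name__ == "__main__":
    for bucket, reasons in find_public_buckets(SAMPLE_ITEMS).items():
        print(bucket, "->", "; ".join(reasons))
```

In practice, feed it the items returned by `aws configservice select-resource-config` or `get-resource-config-history` for each bucket; AWS Config's managed rules (s3-bucket-public-read-prohibited and friends) give you the same signal continuously once you trust the logic.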

Set Security Headers using Cloudflare Workers

This article covers previous work and introduces a warning

Find Resources With AWS Config

Use AWS Config to locate AWS resources

How to Securely Configure CloudFlare with S3

This post covers how to secure an S3 bucket serving content through Cloudflare

Site Update: Cloudflare

This site now uses CloudFlare

AWS Cloudwatch

AWS CloudWatch enables monitoring and alerting on cloud events.

AWS Security Hub

AWS Security Hub eases the pain of cloud monitoring

Protect AWS API Gateway with AWS WAF

Help protect APIGW from attackers with AWS WAF

AWS CloudTrail

AWS CloudTrail is the cornerstone of cloud SecOps

Public Bug Bounty Rules of Engagement

I share my experience and lessons learned from operating a public bug bounty.

Extract files from network capture

Extract files from tcpdump or Wireshark captures

Decrypting Java TLS to View in Wireshark

Use this to recover TLS session keys for a Java program.

Mallory in the Mobile

Use the Mallory proxy to view non-HTTPS encrypted mobile traffic

The new face of the security team DoS

Nearly a year ago, I wrote about an emerging trend I observed with some of the bounty researchers I was interacting with. This screed can be considered an extension of that article.

My Security 101 - 2018 update

In a post from 2015, I wrote about some of the “Security 101” issues I considered to be fundamental. Since 2015, I’ve been exposed to several environments where I have seen the same basic security fails.

Static Analysis with Burp Suite

I’m so far behind the times, it’s sad. Burp Suite gained the ability to perform static analysis on JavaScript libraries back in 2014. Some sites and authors have already blogged about what their approach is for implementing this.

Cross-Account file access on AWS S3

The Problem: secure file sharing using AWS S3. I upload a file to an S3 bucket with restricted permissions; the client downloads the file and processes it; the client uploads the results to the S3 bucket; I download the processed file and the transaction is complete. I thought setting the permissions on the bucket would be enough.

A Lesson for Bug Bounty Researchers

I’m managing a bug bounty program that has shown tremendous benefit so far. Several findings have been extremely clever, and I’ve been fortunate enough to have good interactions with the vulnerability researchers.

iOS and Android Native Code Protections

iOS Secure Boot Chain: each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity, and each proceeds only after verifying the chain of trust.

Password Manager Advice

A developer at work asked a general question to the group: “I’m thinking about using either LastPass or 1Password, anything I should know?” As the team’s newest “Security Guy”, I answered with this brief response: