Use AWS Config To Hunt Public S3 Buckets

This post covers using AWS Config as a starting point to find public s3 buckets in your organization.

Find Resources With AWS Config

Use AWS Config to locate AWS resources

How to Securely Configure CloudFlare with S3

This post covers how to secure an S3 bucket serving content through Cloudflare

Site Update: Cloudflare

This site now uses CloudFlare

AWS Cloudwatch

AWS CloudWatch enables monitoring and alerting on cloud events.

AWS Security Hub

AWS Security Hub eases the pain of cloud monitoring

Protect AWS API Gateway with AWS WAF

Help protect APIGW from attackers with AWS WAF

AWS CloudTrail

AWS CloudTrail is the cornerstone of cloud SECOPS

Cross-Account file access on AWS S3

The Problem Secure file sharing using AWS S3: I upload a file to an S3 bucket with restricted permissions The client downloads the file and processes it The client uploads the results to the S3 bucket I download the processed file and the transaction is complete I thought setting the permissions on the bucket would be enough.

Fix AWS SSL Certificate error in Burpsuite

This morning, while I was trying to proxy traffic to this site in Burpsuite, I ran across an SSL handshake error. Googling the issue returned this helpful article that got me started on the right path.

Static Sites in 2016 - Updated

In a previous post I discussed the complicated process of configuring S3 to use Letsencrypt to obtain a TLS certificate. That post served as a reference for me to re-implement Letsencrypt every 90 days.

Static Sites in 2016

It’s early 2016, and there are a multitude of content management systems and blog platforms out there: Wikipedia’s List of Content Management Systems The security blog I contribute to, Penetrate.