Adan – Medium

Adan

Pinned

Cybersecurity — It’s All About Trust

Last year, I wrote about the importance of understanding risks in cybersecurity and the critical role of risk reduction. Recently, I’ve…

Dec 30, 2023

Cybersecurity — It’s All About Trust

Dec 30, 2023

Gaining Long-Term AWS Access with CodeBuild and GitHub

Discover how attackers can abuse AWS CodeBuild and GitHub Actions to gain stealthy persistence in compromised AWS environments.

Apr 13

Gaining Long-Term AWS Access with CodeBuild and GitHub

Apr 13

GitHub Actions and the Pinning Problem: What 100 Security Projects Reveal

Only 7/100 popular security projects pin everything. Here’s what I learned digging into the data.

Mar 29

GitHub Actions and the Pinning Problem: What 100 Security Projects Reveal

Mar 29

DIY — Evaluating AWS Native Approaches for Detecting Suspicious API Calls

While in my previous articles from the DIY series, I explored how to build solutions with LLMs (Using Semgrep with LLMs and Building a…

Mar 2

DIY — Evaluating AWS Native Approaches for Detecting Suspicious API Calls

Mar 2

DIY — Using Semgrep with LLMs to Improve Code Reviews

DIY code reviews: Using open-source Semgrep + AWS Bedrock AI to auto-suggest fixes for vulnerabilities.

Feb 22

DIY — Using Semgrep with LLMs to Improve Code Reviews

Feb 22

Breached? Not Game Over: Learn How to Turn the Tables on AWS Attackers!

A breach in AWS isn’t game over, initial access is just the first move. Learn how to rig the game and win.

Feb 9

Breached? Not Game Over: Learn How to Turn the Tables on AWS Attackers!

Feb 9

DIY — Building a Cost-Effective Questionnaire Automation with Bedrock

Security questionnaires are very common today. When customers consider your product, especially if you’re a startup, they often ask for…

Jan 20

DIY — Building a Cost-Effective Questionnaire Automation with Bedrock

Jan 20

GetFederationToken: A Simple AWS Persistence Technique Used in the Wild

My last two articles (how attackers can abuse IAM Roles Anywhere for persistent AWS access and gaining AWS persistence by updating a SAML…

Dec 6, 2024

GetFederationToken: A Simple AWS Persistence Technique Used in the Wild

Dec 6, 2024

How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access

When AWS introduced IAM Roles Anywhere in July 2022 (AWS Announcement), I made my first contribution to Stratus Red Team. I believed this…

Oct 27, 2024

How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access

Oct 27, 2024

Gaining AWS Persistence by Updating a SAML Identity Provider

When an attacker compromises an AWS account, one of the first tactics they will try is gaining persistence. This is because, in many cases…

Sep 22, 2024

Gaining AWS Persistence by Updating a SAML Identity Provider

Sep 22, 2024

Adan

Adan

Cyber Security Engineer interested in Pentesting | Cloud Security | Adversary Emulation | Threat Hunting | Purple Teaming | SecDevOps - https://adan.cloud/

Following

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech