This blog post is not technical, I have to give you an early warning if you have come for the usual technical content. This year, I had the privilege to attend the queen of cloud tech events which is AWS re:Invent, live and in person from the beautiful city of…

What’s that famous saying by Mike Tyson? Aha! Yes, “…Everyone has a plan until you get punched in the mouth”. This pretty much summarizes my situation about two days ago. After studying extremely hard for months, I made the bold decision to attempt the exam, but I did not pass…

Some Theory. — Program Memory When a binary application is executed, it allocates memory in a very specific way within the memory boundaries used by modern computers. CPU Registers To perform efficient code execution, the CPU maintains and uses a series of nine 32-bit registers (on a 32-bit architecture platform). …

Gartner predicts that by 2022, application programming interface (API) attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications. Already, many well-publicized API security vulnerabilities have affected a wide range of organizations. As you already know, APIs have revolutionized how most applications are architected. During my time…

So, I have to give this disclaimer early on. For most people, well, the few that actually read my blogs, I know you see AWS and the next thing that comes to mind is security & IAM technical stuff and/or some cool lab thrown in there. Let’s forget all about…

Permissions Boundary. — Now, for most of us in security, at one point we have all heard about this thing referred to as privilege escalation — Defenders’ nightmare, attackers' golden ticket. What usually happens in such a situation is that a low privileged user will typically find a way to assume more elevated…

IAM policies in AWS are everything, and I mean that literally. Close to nothing works on AWS without proper IAM policies configuration. Policies are often associated with users, groups, or resources and they define who or what can access given AWS services. They can also define who or what cannot…

Namespace. — can be compared to a resource pool in VMware or tenant in azure, it’s a virtual cluster (a single physical cluster can run multiple virtual ones) Intended for environments with many users spread across multiple teams or projects, for isolation of concerns. Resources inside a namespace must be unique and…

Amazon VPC is the networking layer of Amazon EC2. Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the…