Dec 28, 2020Member-onlyBack to Basics: Vulnerability Assessments vs Penetration TestThe chances are that you have heard the term vulnerability assessments used interchangeably with pentest, or vice versa. If you haven’t, consider yourself luck (or perhaps you work with orgs keeping up with the times). There is also a good chance that you may have been part of a team…Penetration Testing3 min readPenetration Testing3 min read
Nov 13, 2020Member-onlyBack To Basic: Security EngineersSecurity Engineers Security engineering is a position or title that can vary in scope — but never in weight to impact for the organization that employees the security engineer. …Security Engineering3 min readSecurity Engineering3 min read
Nov 12, 2020Member-onlyBack to Basics: Defense in DepthWhat is defense in depth? Defense in depth (DiD) is a process or approach that applies a series of different technical and non-technical cyber strategies to apply a layered security approach to help protect an organization from malicious activity. Essentially, each safeguard acts as a safe redundancy of the last and makes it, so cybercriminals…Cybersecurity3 min readCybersecurity3 min read
Nov 11, 2020Member-onlyBack to basics: S3 Bucket Security IssuesSince it’s a recent common growth, cloud computing has become something of a novelty. Being able to scale computing environments within minutes is both cost-effective and stellar when you're in a pinch and need to stand up a quick warm site to support some additional traffic towards your organization. …AWS3 min readAWS3 min read
Oct 3, 2020Member-onlyWhat I Learned After Authoring My First BookIf you’re reading this, chances are that you too are interested in what it takes to write a book. Before you continue on, note that I did not self publish and that my book was geared towards a technical audience. The book in question, AWS Penetration Testing, was my first…AWS4 min readAWS4 min read
Aug 28, 2020Member-onlyLambda Takeover: Part 1This is a proof of concept about how weak security controls placed around Lambda functions can lead to potential total compromise. This PoC assumes that the viewer has an understanding of what Lambda is, how it functions, and why organizations integrate it into their infrastructure. If you need a crash…AWS5 min readAWS5 min read
Aug 10, 2020Member-onlyHow Amazon Shifted its Business Model for Pandemic SuccessNote that this was a portion of an Academic paper that has been re-worked and reworded for Medium. The story is an opinion and does not devulge sensitive information about Amazon. Introduction During the COVID Era of the year 2020, we have seen many companies rise, and many companies fall based…Delivery6 min readDelivery6 min read
Jul 13, 2020Member-onlyVulnhub Walkthrough: Cybersploit 1VulnHub is a website that provides materials that allow anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration. The following write up is based on the box titled “ Cybersploit: 1”. The objective/goal of the exercise is to get the 3 flags that are placed…Hacking4 min readHacking4 min read
Jun 19, 2020Member-onlyFoundational War Gaming ConceptsRed Teaming and Blue Teaming Techniques known as “War Gaming” have been exercises that organizations such as the National Security Agency, United States Military, and other government entities perform to exercise and test their offensive and defensive capabilities. These war games are made up of teams commonly referred to as “Red Teams,” an offensive style…Technology4 min readTechnology4 min read
May 29, 2020Member-onlyBuilding a Vulnerable Web App in AWS: Juice ShopOWASP Juice Shop is a modern and insecure web application designed to learn various hacking tactics and techniques. The vulnerable web application is typically used for training purposes and allows users to hack the web application in a secure and safe environment. The following is a walkthrough of how to…Hacking3 min readHacking3 min read
