Pinned
Detection & Compromise: Secrets from the AWS Secrets Manager
Public exposure of secrets — privileged credentials used to access resources — can lead to adverse outcomes for organizations. Today, we’ll walk over the Secrets Manager service on the AWS Cloud, which is fairly handy when it comes to the creation and management of secrets. I’ll not be digging into the…
AWS · 9 min read

Nov 25, 2022
Management of MFA Devices in AWS IAM
Just last week, AWS released a new feature to most AWS cloud customers — you can now assign multiple MFA devices to your root and other IAM users. …
AWS · 3 min read

Jun 21, 2022
AWS Session Manager: Securing Access to Cloud Resources
Managing resources on the cloud — with both security and scalability in mind — can quickly get out of hand. Luckily, AWS released the Systems Manager, which is a collection of tools or functions that can help us manage assets in the cloud while minimizing the time and effort required to…
AWS SSM · 7 min read

Jun 9, 2022
AWS Instance Metadata Service: A Quick Refresher
Elastic Compute Cloud (EC2) was the third service released by Amazon under its “Web Services” banner. This was late into 2007, when AWS was rapidly expanding and innovating solutions for its end users. …
AWS · 6 min read

Nov 17, 2021
A Review of TCM Security’s Practical Malware Analysis and Triage
Cyber-defense trainings and certifications are incredibly expensive. In a world where SANS charges thousands of bucks for trainings from world-class professionals, Heath Adams’s work via TCM Security is nothing short of ‘amazing’. I’ve been a personal fan of Heath and his continued promise to help beginners in the field progress…
PMAT · 5 min read

Sep 19, 2021
Reversing with IDA: Cross-references
Cross-references, more commonly referred to as xrefs, are used to identify references (usage/call or declaration) of a particular function, string, variable, etc. …
IDA · 4 min read

Aug 12, 2021
LNK File Analysis: LNKing It Together!
Shell Links, more commonly known to native Windows users as shortcut files — technically known by their extension, LNK — are one of the most fruitful initial access vectors for threat actors. …
Forensics · 7 min read

Mar 6, 2021
Defender’s Toolkit 102: Sigma Rules
Now that the intelligence community is finally reaching its due maturity, advisories shared with fellow organizations often contain useful detection use-cases. If we were to travel back a few years, an average analyst would dread the manual conversion of these use-cases into searchable queries for the logging platform or SIEM…
Writing Sigma Rules · 7 min read

Nov 27, 2020
VBA Purging — How Effective Is It?
Attackers have long been searching for ways to meddle with the day-to-day operations of an average computer user. It’s no wonder the Microsoft Office suite has been one of the key targets of adversaries to compromise endpoints. What better than to dispatch a seemingly-harmless Office document to a rather naive…
VBA Purging · 7 min read

Oct 26, 2020
Digital Forensics Write-up — Web Server Case by Ali Hadi
The article is a write-up for challenge number one — the Web Server Case — by Ali Hadi on his blog, ‘ashemery.com’. The premise is set to: A company’s web server has been breached through their website. Questions: For this investigation, we’re asked to answer the following questions: What type of…
Forensics · 11 min read