Things you wish you didn’t need to know about S3
![](https://blog.plerion.com/wp-content/uploads/2024/05/man-worried-about-buckets-1024x537.jpg)
Things you wish you didn’t need to know about S3 A time travel paradox in the title is a good place to start a blog post, don’t you think? You don’t yet know the things you need to know so you can’t wish you didn’t need to know them. There is a solution though – […]
S3 Bucket Encryption Doesn’t Work The Way You Think It Works
![](https://blog.plerion.com/wp-content/uploads/2024/04/lock-bucket-1024x585.webp)
Let’s try all the different S3 encryption options, see why it’s more like access control than encryption, and why that matters.
Please buy our gen-v workload-deep threat-led risk-driven humachine-powered hyperscale cloud security solution
![](https://blog.plerion.com/wp-content/uploads/2024/04/wordsalad-cloud-security-solution-1024x585.webp)
What happens when marketing and cloud security get together without supervision? Enjoy our review of cloud security marketing material.
Hacking Terraform State for Privilege Escalation
![](https://blog.plerion.com/wp-content/uploads/2024/02/terraform-head-of-state-1024x585.webp)
What can an attacker do if they can edit Terraform state? The answer should be ‘nothing’ but is actually ‘take over your CI/CD pipeline’.
Tapping the Leaking AWS Account ID Faucet
![](https://blog.plerion.com/wp-content/uploads/2024/02/circuit-faucet-1024x585.webp)
Think AWS account IDs are useful to attackers? Then these are all the places you might want to look to see if your account ID has been revealed.
Conditional Love for AWS Metadata Enumeration
![](https://blog.plerion.com/wp-content/uploads/2024/02/conditional-love-title-1024x585.webp)
How would you feel if an attacker could read your AWS resource tags? Turns out they can! We’ve found a way to enumerate various metadata from public resources and created a tool to help you test your environment.
The final answer: AWS account IDs are secrets
![](https://blog.plerion.com/wp-content/uploads/2024/01/keep-aws-account-ids-secret-1024x585.png)
AWS has publicly stated that account IDs are not considered sensitive, but in practice they do more heavy lifting than we’d like to admit.
How to give direction to an engineering-led startup without a chief product officer
![](https://blog.plerion.com/wp-content/uploads/2023/12/engineering-led-mission-1024x585.png)
Building cool stuff with awesome engineers is fun but even great engineers need to know where they are going. Here’s how you can give your startup direction without a chief product officer.
The deputy is confused about AWS Security Hub
![](https://blog.plerion.com/wp-content/uploads/2023/08/Shared-Plerion-Blog-article-image-guide-lines-and-overlays-2-1-1024x359.jpg)
If you are the kind of crazy that we are at Plerion, and you’ve decided to build a product that integrates with AWS Security Hub, this blog post is for the 93 of you.