S3 Bucket Encryption Doesn’t Work The Way You Think It Works
Let’s try all the different S3 encryption options, see why it’s more like access control than encryption, and why that matters.
Please buy our gen-v workload-deep threat-led risk-driven humachine-powered hyperscale cloud security solution
What happens when marketing and cloud security get together without supervision? Enjoy our review of cloud security marketing material.
Hacking Terraform State for Privilege Escalation
What can an attacker do if they can edit Terraform state? The answer should be ‘nothing’ but is actually ‘take over your CI/CD pipeline’.
Tapping the Leaking AWS Account ID Faucet
Think AWS account IDs are useful to attackers? Then these are all the places you might want to look to see if your account ID has been revealed.
Conditional Love for AWS Metadata Enumeration
How would you feel if an attacker could read your AWS resource tags? Turns out they can! We’ve found a way to enumerate various metadata from public resources and created a tool to help you test your environment.
The final answer: AWS account IDs are secrets
AWS has publicly stated that account IDs are not considered sensitive, but in practice they do more heavy lifting than we’d like to admit.
How to give direction to an engineering-led startup without a chief product officer
Building cool stuff with awesome engineers is fun but even great engineers need to know where they are going. Here’s how you can give your startup direction without a chief product officer.
The deputy is confused about AWS Security Hub
If you are the kind of crazy that we are at Plerion, and you’ve decided to build a product that integrates with AWS Security Hub, this blog post is for the 93 of you.