Network ACLs (NACLs) versus Security Groups (SGs) (Cheat Sheet)
To control the flow of data in and out of your VPCs and Subnets in AWS, you can use Network Access Control Lists (NACLs), Security Groups…
Category: Cloud Security
Must-have AWS security monitoring & alerting (Cheat Sheet)
Most of us know that having visibility into our cloud accounts and resources is critical, but it can easily be overwhelming to implement. What should…
IaC Scanning and Policy as Code with Checkov (Cheat Sheet)
We posted a video introducing the benefits of Infrastructure as Code (IaC) scanning and Policy as Code scanning, and why you absolutely should be running…
HashiCorp Vault Cheat Sheet
We wrote a blog post introducing and explaining what Vault is, when it’s useful, and how to get started using it to manage your secrets.…
Anatomy of an AWS IAM Policy (Cheat Sheet)
If we had to name the most critical service to understand when it comes to AWS security, it would have to be IAM (Identity and…
How crypto miners hijack AWS accounts (Cryptojacking GUI-Vil Case Study)
This is the story of how you print free money. It’s a story that involves an AWS account, a threat actor named GUI-Vil, and unauthorized…
S3 Bucket Policies vs. ACLs vs. IAM Policies (Cheat Sheet)
Understanding when to use S3 Bucket Policies versus S3 ACLs versus AWS IAM Policies can easily make your head spin. To make sense of it,…
Intro to AWS Pentesting (with Pacu)
In this article, you’re going to learn how to hack AWS cloud environments so that you can find exploitable vulnerabilities in your own AWS accounts…
AWS WAF Made Simple: Protect Your Web Apps In The Cloud
AWS built its own Web Application Firewall and named the service AWS WAF, and we’re going to take a detailed look at how we can…
Network Access Control Lists (NACLs) and Security Groups (SGs)
Access Control Lists (ACLs) also known as Network Access Control Lists (NACLs) and Security Groups (SGs) are used to allow or deny inbound or outbound…