Network ACLs (NACLs) versus Security Groups (SGs) (Cheat Sheet)
To control the flow of data in and out of your VPCs and Subnets in AWS, you can use Network Access Control Lists (NACLs), Security Groups…
Tag: AWS Security
Must-have AWS security monitoring & alerting (Cheat Sheet)
Most of us know that having visibility into our cloud accounts and resources is critical, but it can easily be overwhelming to implement. What should…
IaC Scanning and Policy as Code with Checkov (Cheat Sheet)
We posted a video introducing the benefits of Infrastructure as Code (IaC) scanning and Policy as Code scanning, and why you absolutely should be running…
Anatomy of an AWS IAM Policy (Cheat Sheet)
If we had to name the most critical service to understand when it comes to AWS security, it would have to be IAM (Identity and…
How crypto miners hijack AWS accounts (Cryptojacking GUI-Vil Case Study)
This is the story of how you print free money. It’s a story that involves an AWS account, a threat actor named GUI-Vil, and unauthorized…
S3 Bucket Policies vs. ACLs vs. IAM Policies (Cheat Sheet)
Understanding when to use S3 Bucket Policies versus S3 ACLs versus AWS IAM Policies can easily make your head spin. To make sense of it,…
Intro to AWS Pentesting (with Pacu)
In this article, you’re going to learn how to hack AWS cloud environments so that you can find exploitable vulnerabilities in your own AWS accounts…