AWS IAM Credentials Report [Cheat Sheet]
I recently came across this neat cheat sheet by Steampipe for AWS IAM Credential Reports, which is a simple but mighty feature you may not…
Red Teaming AWS Lambda CTF Hands-On Labs
AWS Lambda offensive security labs launched in November 2024
Centralized root management for AWS multi-account
When you are running multiple accounts through AWS Organizations, there are times when you may need to perform root-level actions in your member accounts. It…
AWS Resource Control Policies (RCPs) Explained: Demo with Secrets Manager
AWS has added another layer of defense - Resource Control Policies, or RCPs for short. Learn what they are, how they work, and how they compare to SCP…
AWS Detection Engineering with Grimoire
In a prior article, I showed you how to get started with a tool called Stratus Red Team to simulate adversaries by executing attacks against…
10 Best Practices for AWS Secrets Manager [Cheat Sheet]
In a prior post, we learned about AWS Secrets Manager: what it is, why it’s used, and how to get started with it. In this…
Hands-On Labs Added September & October 2024: IaC, S3, DevSecOps
Let’s take a look at all of the Hands-On Labs we launched in September & October 2024. They include labs in 3 primary categories: Foundational…
There’s a new attack targeting AWS accounts and it involves AI
Commonly when a threat actor gains access to AWS credentials (often long-term access keys), they will do a few things depending on their objectives…like for…
AWS SCS-02 Practice Exam Questions With Detailed Explanations
Studying for the AWS Certified Security Specialty (SCS-02) certification exam? Practice and challenge your readiness with our free practice exam questions. We’ll be adding a…
S3 Bucket Backdoor Attack Simulation with Stratus Red Team
Testing your AWS environment’s security measures and your blue team’s effectiveness is crucial, and the most effective way to do this is through simulated attacks.…