Identifying critical AWS security issues with Prowler and Security Hub (Part 1)
Learn how to integrate Prowler, a cloud security assessment tool, with AWS Security Hub for automated security findings using a serverless architectur…
Category: Blue Team
AWS IAM Credentials Report [Cheat Sheet]
I recently came across this neat cheat sheet by Steampipe for AWS IAM Credential Reports, which is a simple but mighty feature you may not…
Centralized root management for AWS multi-account
When you are running multiple accounts through AWS Organizations, there are times when you may need to perform root-level actions in your member accounts. It…
AWS Resource Control Policies (RCPs) Explained: Demo with Secrets Manager
AWS has added another layer of defense - Resource Control Policies, or RCPs for short. Learn what they are, how they work, and how they compare to SCP…
AWS Detection Engineering with Grimoire
In a prior article, I showed you how to get started with a tool called Stratus Red Team to simulate adversaries by executing attacks against…
10 Best Practices for AWS Secrets Manager [Cheat Sheet]
In a prior post, we learned about AWS Secrets Manager: what it is, why it’s used, and how to get started with it. In this…
S3 Bucket Backdoor Attack Simulation with Stratus Red Team
Testing your AWS environment’s security measures and your blue team’s effectiveness is crucial, and the most effective way to do this is through simulated attacks.…
Terraform on AWS [Cheat Sheet]
So you need to deploy new or manage existing cloud infrastructure. What’s the best approach to get it done? The best way is to use…
Secure Your Cloud with Prowler [Cheat Sheet & Lab]
When it comes to securing cloud environments, automation and tooling can be a huge help, especially for tasks that should run on a regular basis.…
Instantly Query AWS with Steampipe Using SQL
How can I find security misconfigurations in my AWS accounts within minutes? How can I do that without spending weeks setting up data pipelines, or…