Oct 29, 2021

Using VSCode in the Browser

Tags: ,

You like Visual Studio Code? 

In this video, John will walk through using Visual Studio Code (VSCode) in the browser with zero installation experience.


Coding is never be so fun with this!!

Links:

Oct 28, 2021

Enhancing Cloud Security Operations : Visibility

Tags: , ,

Visibility is a key element to identify and respond to cloud security incidents. This session explores how we can leverage native offerings to help solve the visibility problem.

In this webinar, Roger shares the following topics with us, and helps us to keep up with the ever-changing threat landscape.

  • Cloud adoption
  • Security concerns
  • How do we solve the problems
  • Native tools
  • Gaps
  • 3rd party tools
  • Automation

Links:

  • https://www.youtube.com/watch?v=rEP53j60QXQ

Oct 27, 2021

An Illustrated Guide to OAuth and OpenID Connect

Tags: ,

OAuth 2.0 and OpenID Connect (OIDC) are internet standards that enable one application to access data from another. Unfortunately, these standards use a lot of jargon and terminology that make them more difficult to understand. 

The goal of these 2 videos are to explain how these standards work using simplified illustrations, and demonstrate in details:

  • How to get Google OAuth API keys?
  • How OAuth works?
  • How to build an OAuth implementation with Node.js?

 


Links:

  • https://www.youtube.com/watch?v=t18YB3xDfXI
  • https://www.youtube.com/watch?v=Qt3KJZ2kQk0 
  • https://github.com/TomDoesTech/Google-OAuth-NodeJS

Oct 26, 2021

Active Directory Penetration Testing Checklist

Tags: , , ,
A short article that show Active Directory Penetration Testing, including reconnaissance commands and brute force Active Directory.

Links:

  • https://gbhackers.com/active-directory-penetration-testing-checklist/
  • https://github.com/sense-of-security/ADRecon

Oct 25, 2021

Defending Public Cloud for Enterprise Tricks and Tips!

Tags: , ,

 

The public cloud expansion is a reality and maintaining fences up is not easy. Come learn about AWS/Azure/GCP organization rules, policies and best practices to avoid potential threats that help to enforce good practices and avoid potential issues and misconfigurations. 

In this webcast, Moises will cover how to: 

  • - Allow new accounts, subscriptions, or project to start with security practices in place 
  • - Reduce the risk that shadow IT could grow without security policies and good practices 
  • - Enforce security good practices even if users try to resist it 
  • - Maintain cloud environments aligned with legal and privacy requirement

 Final Thoughts - Toolbox !

  1. Prowler - github.com/toniblyx/prowler
  2. Cloud Custodian -  cloudcustodian.io
  3. CheckOV - checkov.io
  4. CloudSploit - cloudsploit.com
  5. rcentry - arcentry.com
  6. Falco - falco.org
  7. ScoutSuite - github.com/nccgroup/ScoutSuite

Final Thoughts - References!

  1. CIS Benchmarks - cisecurity.org
  2. Cloud Security Alliance - cloudsecurityalliance.org
  3. OWASP - owasp.org
  4. NIST - nist.gov
  5. ENISA - www.enisa.europe.eu
  6. Each cloud provider has well-architecture guide

Oct 24, 2021

Top 11 Open Source Cloud Security Tools

Tags: ,

Top 11 Open Source Cloud Security Tools

  • Wazuh Cloud
  • Osquery
  • GoAudit
  • Grapl
  • OSSEC
  • Suricata
  • Zeek/Bro
  • Panther
  • Kali Linux
  • KeePass
  • Metasploit Framework

 

Links:

  • https://cybersecuritynews.com/cloud-security-tools/

Oct 22, 2021

Diagram as Code

Tags: ,

Diagrams is a library tool that helps you draw the cloud system architecture in Python code. It was born for prototyping a new system architecture design without any design tools. You can also describe or visualize the existing system architecture as well.

Diagrams currently supports main major providers including: AWS, Azure, GCP, Kubernetes, Alibaba Cloud, Oracle Cloud, including On-Premise nodes, SaaS and major Programming frameworks and languages.

Have fun!

Links:

  • https://github.com/mingrammer/diagrams
  • https://graphviz.gitlab.io/download/
  • https://www.youtube.com/watch?v=olbvafuGSCw

Oct 21, 2021

Install ModSecurity for Nginx on Ubuntu

Tags: , , ,

WebApp security can be a huge challenge especially with the prevalence of malicious tools such as rootkits, scanners, bots, and other malware. Although getting breached may seem a matter of when if not if, it is prudent to implement some decent security measures to safeguard your web applications.

One of the tools that can provide a decent level of security against attacks is called ModSecurity. This is a free and open-source Web Application Firewall (WAF) that can protects your web applications from a vast array of layer 7 attacks such as cross-site scripting (XSS), SQL injection, session hijacking, and many more.

In this guide, it show how to install and configure ModSecurity to work with Nginx on Ubuntu from source.

Steps:

  1. Install dependencies
  2. Install latest Nginx version
  3. Download Nginx source package
  4. Install the Libmodsecurity3 library
  5. Download and compile ModSecurity v3 Nginx Connector
  6. Load the ModSecurity Nginx Connector module
  7. Download OWASP corerule set
  8. Testing out ModSecurity
ModSecurity

Links:

Subscribe to: Posts (Atom)