BlogAsCloud

We're sharing our extensive knowledge of everything cloud infrastructure engineering for those looking to learn more and get ahead.

FEATURED POST

Capital One and EC2 – part 3

By Nate Aiman-Smith | August 9, 2019 |

In two previous articles, I described how the Capital One breach took advantage of an EC2-specific function to obtain AWS credentials which were then used to obtain multiple files containing sensitive information. If you haven’t already done so, I’d encourage you to read parts one and two before continuing. You might also want to pull up the complaint for reference; the juicy bits describing the attack are on pages 6-8. In this final installment of the article, I’ll describe some measures that Capital One could have taken to prevent this kind of attack. However,…

Posts

Workspaces

By Jake Berkowsky | April 8, 2020

As part of a talk I’m doing with Boston-based Workbar, I’ve written an FAQ on Amazon Workspaces. Sign up here What is Workspaces? Workspaces is a Desktop as a Service (DaaS) solution from Amazon Web Services. It’s a hosted desktop in the cloud made for the enterprise. It allows end users to connect to…


10 AWS Network Terms

By Jake Berkowsky | April 2, 2020

AWS networking is probably the most important thing that people don’t want to think about. While networking on the cloud is similar to traditional on-premises networking, there are a few key differences. Here are a few terms that people may or may not be familiar with: VPC – Stands for virtual private cloud. Essentially it’s a managed…

Shifting Left with Vulnerability Management

By Jake Berkowsky | October 28, 2019

Recently a friend of mine told me his company, in an effort to improve security, was launching a bug bounty program. I’m a huge fan of bug bounty programs, hiring professionals to test your code is a great way to find things you may have missed and lets your clients, employees and investors know that…


What Really is DevOps?

By Jason Silva | October 17, 2019

When I started my career as a Systems Administrator, I thought that I would be doing that for my whole career. A few years later, I thought to myself, ”If I were to progress, what would be my next step?” After a little bit of research, I learned of a position called a DevOps Engineer.…


Pritunl Zero

By Jake Berkowsky | September 22, 2019

Pritunl is an open source OpenVPN and IPSec solution that comes with a somewhat popular VPN client. Pritunl Zero fills in a few more gaps by providing zero trust access to SSH and Web Services similar to products such as Akamai EAA and Zscaler. I installed an individual server using this guide. It was relatively…


Capital One and EC2 – part 2

By Nate Aiman-Smith | August 6, 2019

In a previous post, I mentioned that the attack vector for the Capital One breach specifically targeted an EC2 feature. In this post, I’ll give my educated guesses about how the attack actually worked. [Note 1: if anyone happens to have any of the contents of the original gist then I’d love to get a look…


Capital One and EC2 Hack – an Overview

By Nate Aiman-Smith | August 5, 2019

There’s been a ton of coverage of the recently discovered Capital One breach. I’m generally very skeptical when AWS security makes the news; so far, most “breaches” have been a result of the customer implementing AWS services in an insecure manner, usually by allowing unrestricted internet access and often overriding defaults to remove safeguards (I’m…


How to Set Up a YubiKey 5C

By Sean McDonnell | July 31, 2019

Yubi what? A YubiKey is a Yubico hardware authentication device designed to achieve secure 2-factor authentication (2FA) for online services like AWS, computer logins, developer tools, password managers and other important data. The YubiKey combines hardware-based authentication and public key cryptography to eliminate account takeovers and provides the extra security you need. YubiKeys were created by…


Welcome aboard Bill Lumbot

By Jake Berkowsky | July 30, 2019

Every morning I try to follow a checklist that I wrote. I read over resumes, check out PRs, check my email accounts, etc… One critical thing I do (or did) is to check who forgot to log their hours from the day before (or who left the timer running). Since we are a consultancy,…
