Happy New Year!

Hi everyone and welcome in 2019 !! πŸŽ‰ 🍸 πŸŽ‰ After close to 4 months without a single entry, I thought it was the right time to make a comeback. Although I haven’t written a lot for this period, it didn’t mean the blog stayed idle, I worked hard during my spare time to bring you, my readers, new thrilling functionalities.…

Read more »

Penetration testing on AWS

Posted on

In opposition with the general assumption, among companies which have a long compliance history in their field, top executives are often the most eager to migrate their On-premise infrastructure in favor of Public Cloud, expecting1 drastic operational cost savings. The opposition more often comes from the IT Operations and Security staffs who fear a loss of control on their data which goes along with the loss of control on the underlying infrastructure ( They miss Network and Security appliances, Hypervisors and sometimes even Racks and Wires 😏 ).…

Read more »

Mining on AWS

Posted on

WARNING: THE METHOD DESCRIBED IN THIS ARTICLE IS ONLY TARGETING PEOPLE WHO HAVE AWS CREDIT TO LOOSE, DON’T USE IT WITH PROFITS IN MIND Considering cloud instances are usually expensive, and price of cryptocurrencies ( and especially the ones that are still minable with CPU and GPU ) are collapsing lately, most of you must think I’m turning mad.…

Read more »

An Introduction to Risk Analysis

An Introduction Far from proposing you a full formation to ISO 27005, this short post will introduce to you the basis to keep in mind before starting any new Security Project. Indeed, contrary to other investments, security won’t bring new value to your company Business; instead, it gives you the promise to protect your current value. As I’ve already discussed with students in a recent lecture, I gave on the Risks of IT Outsourcing, when you subscribe to a new outsourcing contract, concerning security, the External Service Provider (ESP) has an obligation of means he should apply rather than results.…

Read more »

The three container security golden rules

As containers became a standard in IT applications, enumerating a few security best practices is now a business need. Therefore I’ve defined those three golden rules to keep in mind before pushing a new image for production to your company container repository.

I Careful with share volumes you will be Contrary to a Virtual Machine, a Docker container uses the host kernel directly, so in case of a kernel vulnerability restricted permissions on shared resources won’t protect you from an attacker.

Read more »