Fabian – Blog

Posted in Cloud Security, HowTo, Infosec

Use AWS Security Token Service (STS) to let low-privileged user temporarily assume privileged role in other account

Fabian
posted on November 21, 2020November 21, 2020
No Comment

Imagine one of your contractors usually does not need access to your AWS S3 buckets (or only access to buckets in your dev environment, but not in prod – you get the idea). Following the

Posted in Batch Scripting, HowTo, Programming

Script to set up port forwarding, start/stop & automatically SSH into headless VirtualBox VM

Fabian
posted on November 3, 2020November 21, 2020
No Comment

Virtual machines are very useful not only on servers or in cloud environments, but also installed locally on a workstation to try out things. I often install virtual machines without graphical

Posted in Cloud Security, Container Security, HowTo, Infosec

“Stealing the environment” – Insecure password injection in scripts and containers via environment variables

Fabian
posted on October 31, 2020October 31, 2020
No Comment

An “interesting” part when working with APIs or runtime environments like containers is of course credential management. Somehow you have to let the script know the credentials to use the

Posted in HowTo

Subnetting quick & easy

Fabian
posted on October 29, 2020October 26, 2020
No Comment

It’s very useful to be able to quickly perform some subnetting when given an IP address with its CIDR – it allows you to determine how many addresses there are in the corresponding network, if

Posted in Infosec

Making a unidirectional double tagging VLAN hopping attack bidirectional

Fabian
posted on October 27, 2020October 27, 2020
No Comment

A network engineer recently asked me why VLAN hopping via a double tagging attack is considered dangerous – after all, the attacker would be able to send traffic into another VLAN, but no

Posted in Chinese Language, Japanese Language, Language

Counterintuitive traditional Chinese input on Windows

Fabian
posted on October 26, 2020November 4, 2020
No Comment

When it comes to typing Chinese characters on a computer, one has to decide if simplified characters should be used, or rather traditional characters. If the audience is from China or Singapore, it

Posted in Culture, Germany, Japan, Mexico, South Korea

How fast does a society become individualistic?

Fabian
posted on October 19, 2020October 19, 2020
No Comment

According to the “rice farming theory“, societies that traditionally sustained on rice were collectivist societies, while wheat farming gave rise to individualistic societies. The idea

Posted in Cloud Security, Infosec

Is “the cloud” secure?

Fabian
posted on October 10, 2020October 15, 2020
No Comment

Yes, cloud computing is not a new thing. Yes, it has been written many times before if the cloud is secure or not. Already in 2009, the European Union Agency for Cybersecurity (Enisa) published a

Posted in Attribution, Infosec

Finding & Attributing Malicious Command & Control Servers

Fabian
posted on September 30, 2020October 11, 2020
No Comment

In one of my last posts, I wrote about attribution in cybersecurity, i.e. ways to find out who was behind an attack. One particular class of attackers are so-called APTs: Advanced Persistent Threats.

Posted in Cloud Security, Infosec

Differences in cloud security (Alibaba, Amazon, Google, IBM, Microsoft)

Fabian
posted on September 19, 2020September 28, 2020
No Comment

I recently had a look at the security assessments of different well-known cloud providers and found some interesting discrepancies. It shows at least four things in my opinion: There are indeed