Infosec – Blog

Posted in Cloud Security, HowTo, Infosec

Use AWS Security Token Service (STS) to let low-privileged user temporarily assume privileged role in other account

Fabian
posted on November 21, 2020November 21, 2020
No Comment

Imagine one of your contractors usually does not need access to your AWS S3 buckets (or only access to buckets in your dev environment, but not in prod – you get the idea). Following the

Posted in Cloud Security, Container Security, HowTo, Infosec

“Stealing the environment” – Insecure password injection in scripts and containers via environment variables

Fabian
posted on October 31, 2020October 31, 2020
No Comment

An “interesting” part when working with APIs or runtime environments like containers is of course credential management. Somehow you have to let the script know the credentials to use the

Posted in Infosec

Making a unidirectional double tagging VLAN hopping attack bidirectional

Fabian
posted on October 27, 2020October 27, 2020
No Comment

A network engineer recently asked me why VLAN hopping via a double tagging attack is considered dangerous – after all, the attacker would be able to send traffic into another VLAN, but no

Posted in Cloud Security, Infosec

Is “the cloud” secure?

Fabian
posted on October 10, 2020October 15, 2020
No Comment

Yes, cloud computing is not a new thing. Yes, it has been written many times before if the cloud is secure or not. Already in 2009, the European Union Agency for Cybersecurity (Enisa) published a

Posted in Attribution, Infosec

Finding & Attributing Malicious Command & Control Servers

Fabian
posted on September 30, 2020October 11, 2020
No Comment

In one of my last posts, I wrote about attribution in cybersecurity, i.e. ways to find out who was behind an attack. One particular class of attackers are so-called APTs: Advanced Persistent Threats.

Posted in Cloud Security, Infosec

Differences in cloud security (Alibaba, Amazon, Google, IBM, Microsoft)

Fabian
posted on September 19, 2020September 28, 2020
No Comment

I recently had a look at the security assessments of different well-known cloud providers and found some interesting discrepancies. It shows at least four things in my opinion: There are indeed

Posted in Attribution, Infosec

Who the hæck?Attribution in cybersecurity

Fabian
posted on September 16, 2020September 17, 2020
No Comment

While we are getting used to hearing news on a daily basis about hacking attacks, much less do we read details on who is responsible. The reason is clear: In cyberspace, there are many ways to cover

Posted in HowTo, Infosec

SRPs block malware, but what if things stop working?

Fabian
posted on September 4, 2020September 5, 2020
No Comment

As I wrote in my last post on lateral movement, using AppLocker or Software Restriction Policies (SRPs) to avoid the execution of unknown or malicious software is good practice. While SRPs are older,

Posted in Infosec

Hello, somebody there? Or: The difficulty of detecting lateral movement

Fabian
posted on September 2, 2020September 5, 2020
No Comment

Lateral Movement is a key technique for attackers: Once they entered your infrastructure, the next step is to look around and move horizontally (i.e. to other, possibly more valuable machines and

Posted in Infosec

Which layer for encryption? Which for VPNs?

As more people work from home, VPNs are in peak season. Recently I discussed with a network engineer the advantages and disadvantages of IPsec VPNs versus TLS-based VPNs. With this discussion in mind