This is going to be a short blog post detailing another migration I undertook to simplify my current stack.
This time, I replaced SES with Cloudflare Email Routing for incoming emails across my domains.
As you might know, I’m working on my next side-project, The CloudSec Engineer, a book on entering, establishing yourself, and thriving in the cloud security industry as an individual contributor.
As part of the book’s introduction, I’ve been researching common career pathways within the security industry to contextualise where Cloud Security fits into the big picture.
I’ve always wanted to setup a Pi-hole to block advertisements in my home office, but, at the same time, I didn’t want physical boxes lying around to maintain (plus, I do hate cables).
In this blog, I’ll explain how I managed to mimic the Pi-hole’s behaviour using only serverless technologies (Cloudflare Gateway, to be precise).
Early last year, I wrote “On Establishing a Cloud Security Program”, outlining some advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based offering. The result can be found in a micro-website which contains the list of controls that can be rolled out to establish such cloud security program: A Cloud Security Roadmap Template.
Following that post, one question I got asked was: “That’s great, but how do you even know what to prioritize?”
CVE-2022-0847 (aka “Dirty Pipe”) was released earlier this week (
This blog aims to provide a quick summary and actionable advice for defenders of cloud environments and those teams who are asked to determine its impact on their company’s infrastructure.
|Docker on MacOS via minikube (2022 edition)|
|Remotely Access your Kubernetes Lab with Cloudflare Tunnel Kubernetes Primer for Security Professionals|
|Introducing k8s-lab-plz: A modular Kubernetes Lab|
|Weekly Digests to Increase Visibility and Transparency|
|Automated GDrive Backups with ECS and S3|
|Automated Github Backups with ECS and S3|
|MUST READ||On Establishing a Cloud Security Program Cloud Security Strategies|
|Automating Cartography Deployments on Kubernetes Continuous Visibility into Cloud Environments|
|Kubernetes Lab on Baremetal Kubernetes Primer for Security Professionals|
|MUST READ||Security Logging in Cloud Environments - GCP Continuous Visibility into Cloud Environments|
|A Quick Look at GKE Autopilot (in 15 minutes)|
|MUST READ||Security Logging in Cloud Environments - AWS Continuous Visibility into Cloud Environments|
|Semgrep for Cloud Security|
|Domain-Wide Delegation of Authority in GSuite Continuous Visibility into Cloud Environments|
|MUST READ||Tracking Moving Clouds: How to continuously track cloud assets with Cartography Continuous Visibility into Cloud Environments|
|So I Heard You Want to Learn Kafka Kubernetes Primer for Security Professionals|
|MUST READ||The Current State of Kubernetes Threat Modelling Kubernetes Primer for Security Professionals|
|Building a Serverless Mailing List in AWS|
|My Blogging Stack|
|Remote Development with a Chromebook in 2020|
|MUST READ||Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography Continuous Visibility into Cloud Environments|
|Cross Account Auditing in AWS and GCP Continuous Visibility into Cloud Environments|
|Deploy Your Own Kubernetes Lab Kubernetes Primer for Security Professionals|
|Offensive Infrastructure: the HashiStack Offensive Infrastructure with Modern Technologies|
|Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)|
|Red Teaming Mind Map from The Hacker Playbook 3|
|My Arsenal of Cloud Native (Security) Tools Kubernetes Primer for Security Professionals|
|Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)|
|MUST READ||So I Heard You Want to Learn Kubernetes Kubernetes Primer for Security Professionals|
|Offensive Infrastructure: Introduction to Consul Offensive Infrastructure with Modern Technologies|
|Offensive ELK: Elasticsearch for Offensive Security|
|Robtex-Go: Go Client for the Robtex API|
|Introducing GoScan (aka a reason to learn Go)|
|Burp Pro as a Docker Container|
|Docker + Consul + Vault: A Practical Guide|
|Needle meets Jenkins: how to include Needle in your CI pipeline|
|Needle v1.0.0 released: new native agent and support for iOS 10|
|Needle V0.1.1 Released|
|iOS 9: Effective Jailbreak|
|Needle V0.0.4 Released|
|Needle Status Update|
|A quick intro to Needle|