assumed_role_breadcrumbs

Cloudtrail events in AWS offer a lot of visibility into the calls that roles leverage within the platform. Sometimes tracking the original source of the activity can be challenging. When users and other aws services from one account assume role into another hunting the origin can take a bit of backtracking.

November 28, 2018 · 6 min · Travis

cloudtrail_anomaly_detection

Overview of an anomaly detection platform using cloudtrail logs, athena, lambda, s3, and dynamodb

November 28, 2018 · 7 min · Travis

emr_security_woes

Walkthrough of Elastic Map Reduce compromise, and why it should never be directly exposed to the Internet.

November 28, 2018 · 9 min · Travis

role_credential_revoking

IAM roles can have all current credentials revoked. This can be great to stop an attacker, but at what cost?

November 28, 2018 · 6 min · Travis