I recently spent some time exploring the issue of CloudFront domain hijacking. This is not a new issue but I think it has gone mostly unnoticed for a few reasons: CloudFront’s default behavior is not intuitive. Some standard DNS configurations can mislead users into thinking that their vulnerable domains are configured correctly. In the
This coming Thursday, September 7th, MindPoint Group VP for Information Security and Privacy Matt Shepherd will be presenting “Where to Start with Automation” at AnsibleFest San Francisco. Here is a brief synopsis of his talk: AWS and OpenStack get a lot of attention as the cool platforms to build on, and with good reason.
Lateral Movement: An Overview

During the early stages of an engagement, penetration testers look to gain a foothold in the target network. Depending on what scenarios are agreed upon by the client and laid out in the Rules of Engagement, this foothold may occur through social engineering attacks such as phishing campaigns or by compromising
A few weeks ago, I attended AWS re:Invent 2016 with nine of my colleagues. If you have never been, re:Invent is pretty cool, not your typical conference, and the number of attendees keeps growing year after year. To put it into perspective, 8,000 people attended re:Invent three years ago, while this year that number jumped to
If you have a cloud service offering that you are trying to market to the Federal Government, chances are you’ve heard about the FedRAMP program by now. You may also be aware that the path to FedRAMP compliance is a time-consuming and resource-intensive process. This process can be simplified by making some key