Michael Stair
@mstair
Cloud security @ AT&T. Opinions expressed here are my own.
You might like
Join us 11/8 for AT&T Secure Connections. At this free virtual event you’ll hear from the @ATT Security Team, today's security visionaries, and #CISO Rich Baich. Secure your seat today: security-conference.att.com #ATTSecCon #NetworkSecurity #Cybersecurity
fwd:cloudsec happens today! Check in at 8am, welcome talk at 9am ET. - Room 1 livestream: youtube.com/watch?v=tvDpQ3… - Room 2/3 livestream: youtube.com/watch?v=YHZdkp… - Schedule: pretalx.com/fwd-cloudsec-2…
I've got a few SIGNED copies of my Intrusion Detection Honeypots to give away. 🍯 To enter, retweet this tweet. I'll pick a few folks at random to win on Friday. You must have a US shipping address to win. Learn about the book here: chrissanders.org/2020/09/idh-re…
📢 ASPIRING HACKERS! Want to learn to hack? Since it's virtual anyways, we're opening our Fall 2020 ASU Computer Systems Security / CTF course to the WHOLE WORLD! More info, including lecture times, youtube/twitch/presentation links, and practice problems: pwn.college
Videos from fwd:cloudsec 2020 are now up on YouTube! youtube.com/playlist?list=… Slides and code where available are also linked on fwdcloudsec.org Get on the mailing list for when we start announcing things for next year:
🎉 Introducing the H2 Matrix 🎉 Free resources to build your skills → counterhack.com/h2matrix #SANSHackFest
This is a devastating issue found across a number of AWS vendors (mostly cloud security vendors!) with some still unfixed. If you use a vendor (that did not implement things correctly), and someone can determine your account ID, they can access your account through the vendor.😱
We released my blog today: AWS IAM Assume Role Vulnerabilities Found in Many Top Vendors praetorian.com/blog/aws-iam-a… I'll be presenting a lot more detail and variants on the attack at fwd:cloudsec
praetorian.com
AWS IAM Assume Role Vulnerabilities Found in Many Top Vendors | Praetorian
Research by Praetorian has uncovered a common misconfiguration in Amazon Web Services Identity and Access Management Assume Role process. This post outlines the issue and how it can be mitigated.
We've posted the final schedule for fwd:cloudsec! fwdcloudsec.org/speakers.html We had a ton of awesome talks submitted, but we could only select a handful. We're pleased to have the following additional speakers join us on June 29. 1/
Put some of my thoughts together for conducting an AWS assessment when you're looking at a brand new organization - chrisfarris.com/post/cloud-ass…
chrisfarris.com
Conducting a Cloud Assessment in AWS - Chris Farris
Overview of things to look at when assessing a organization running AWS
So I spoke about Adventures in Cloud Inventory at the SANS Cloud Security Summit today. Here is the write up.. chrisfarris.com/post/adventure… #SANSCloudSummit
chrisfarris.com
Adventures in Cloud Inventory - Chris Farris
Adventures in managing cloud inventory across a large number of AWS accounts
I'm liking this new model AWS is rolling out with Organizations delegating to a service admin account.
We're looking for a senior level Cloud Architect to help drive the cloud infrastructure for HBO Max. careers.warnermediagroup.com/TGnewUI/Search…
In this #ThreatTraq video, Ganish Kasina, Michael Kleeper and Andy Benavides of the #ATT Chief Security Office discuss the Stantinko botnet’s cryptomining module and its functionality. Watch here: spr.ly/60161XTEA
The House of Representatives debates and votes on articles of impeachment against President Trump. Watch live.
The White House eliminated the Office of the #CISO this past week. This is not OK and we all need to contact Congress immediately. Here's a letter you can use. #cybersecurity #Cyber #WhiteHouse #congress @realDonaldTrump linkedin.com/pulse/contact-…
Duncan Sparrell (@dsparrell) is presenting on standards for #IoT safety and #cybersecurity at #BorderlessCyber right now.
Startup idea: Have a pizza delivery service that bills you through AWS Marketplace. Your lunch costs will just disappear in your companies AWS bill...
VPC Flow Logs can now include the instance id, subnet id, and vpc id, along with a way to better identify the actual initiator of traffic. aws.amazon.com/blogs/aws/lear…
United States Trends
- 1. Grammy 399K posts
- 2. #FliffCashFriday 2,001 posts
- 3. Dizzy 10.6K posts
- 4. James Watson 8,758 posts
- 5. #NXXT 1,181 posts
- 6. Clipse 23.3K posts
- 7. Kendrick 65.9K posts
- 8. #GOPHealthCareShutdown 10.2K posts
- 9. Darryl Strawberry 1,368 posts
- 10. Orban 50.1K posts
- 11. Thune 78.3K posts
- 12. Chase 88.2K posts
- 13. MANELYK EN COMPLICES 11.1K posts
- 14. #FursuitFriday 12.5K posts
- 15. Bijan 3,143 posts
- 16. Carmen 47.7K posts
- 17. Laporta 14.1K posts
- 18. Capitol Police 13.1K posts
- 19. Klay 5,575 posts
- 20. END THE FILIBUSTER 96.5K posts
Something went wrong.
Something went wrong.