Socials
  • 1-234-564-3773
  • [email protected]
Cloud Security OperationsCloud Security Operations
  • Home
  • Services
  • Blog
  • Contact Us

Cloud Security Tools

Cloud Security Tools

Automating Container Security Scanning using AWS CodeBuild and Snyk

Introduction In a usual DevOps pipeline process, the idea of security comes quite late in the process, right before the deployment. Security testing at this point has a major issue. The problem is that in many cases apart from the small security bugs that show up, a lot of serious Read more…

By Vishal, 1 year1 year ago
Cloud Penetration Testing

AWS Reconnaissance Tools

Hi all, In this post, we will discuss the various AWS Reconnaissance Tools used to recon and exploit AWS cloud accounts. Let’s first look at the reasons due to which credentials get exposed: Vulnerabilities in AWS hosted applications like SSRF (Server Side Request Forgery) and LFI (Local File Inclusion) Code Read more…

By Setu, 3 years3 years ago
Cloud Security Tools

PacBot – Open Source Compliance Automation Tool

What is PacBot? PacBot is Policy as Code Bot which does continuous compliance monitoring, compliance reporting and security automation for AWS(as of the date I am writing this post) from T-Mobile. In PacBot, security and compliance policies are implemented as a code. All resources discovered by PacBot are evaluated against Read more…

By Setu, 3 years3 years ago
Auditing AWS Environments for HIPAA Compliance
Cloud Security

Auditing AWS Environments for HIPAA Compliance

Introduction CloudSploit is an AWS compliance, security and configuration monitoring scanner which is the first of its kind. It is an open source project designed to detect security risks in AWS. The CloudSploit Scans is built on NodeJS script which works on two phases. Collection and Scanning. After a successful run, Read more…

By Setu, 4 years4 years ago
aws pentesting
Cloud Penetration Testing

Post Exploitation in AWS using Nimbostratus

Introduction Nimbostratus is a tool developed by Andres Riancho for fingerprinting and exploiting Amazon cloud infrastructures. Nimbostratus uses any application level HTTP proxy vulnerability to enumerate the instance and credentials from the metadata service which is available to all the instances in EC2. This tool-set can be tested on nimbostratus-target, Read more…

By Setu, 4 years4 years ago
cloudsecops-cloudsecurity
Amazon Web Services

Security audit using Cloud Custodian for compliance in AWS

Introduction In this article, we will be talking about Cloud Custodian, an open source rules engine for fleet management in AWS. The simple YAML DSL allows you to easily define rules to enable a well-managed cloud infrastructure, that’s both secure and cost optimized. Cloud Custodian unifies the dozens of tools Read more…

By Setu, 4 years4 years ago
aws_ir-cloudsecops
Cloud Penetration Testing

AWS Incident Response- AWS IR and Margarita Shotgun

AWS Incident Response In this post, we will be talking about the ways one can set up and automate a set of functions that need to be carried out in a sequence in case an attack happens in AWS,  Yes! AWS Incident response. Having the whole infrastructure on the cloud Read more…

By Setu, 4 years4 years ago
Subscribe

Always be the first to know news related to Cloud Security. We will never spam you.

Categories
  • Amazon Web Services
  • Cloud Penetration Testing
  • Cloud Security
  • Cloud Security Tools
  • Cloud Security Tutorial
  • Open Policy Agent
  • Uncategorized
Recent Posts
  • Deny Unauthorized ConfigMap Volumes – OPA Gatekeeper Pod Security Guardrail (Part 3)
  • Deny Host Network – OPA Gatekeeper Pod Security Guardrail (Part 2)
  • Restrict Wildcards in RBACs – OPA Gatekeeper RBAC Guardrail (Part 3)
  • Restrict RBAC Admins – OPA Gatekeeper RBAC Guardrail (Part 2)
  • Restrict Service Account Namespace – OPA Gatekeeper RBAC Guardrail (Part 1)
Hestia | Developed by ThemeIsle