Article presenting a set of design patterns around inbound and outbound traffic to and from a service mesh.

Writeup on how Square added support for mutual TLS calls from AWS Lambda into their data center.

MITRE released the Active Defense Matrix, a set of tactics and techniques defenders can use to deny a contested area to an adversary.

Guide illustrating the various approaches to configure a continuous integration and continuous delivery (CI/CD) workflow using GitHub and Terraform Cloud to address the challenges of DevOps environments.

How the Expel team automated enrichments for AWS alerts, with this blog sharing their approach to developing AWS enrichments and the implementation of the enrichment workflow process.

When putting together a SIEM, one of the first things that you need to decide on is the distributed architecture you are going to choose. This means analyzing the resources available, as well as the needs of your SOC.

Blog which tries to answer the question: what are the next steps once you find a vulnerability in an Azure App Services application?

Post explaining what NegoEx and PKU2U are, what a P2P certificate is, and how to use those to gain access to Azure AD machines.

Second post in a series focused on "Deconstructing Kubernetes", which describes how to set up an extremely basic Kubernetes cluster. As soon as you move beyond one node, you'll have to deal with container networking across hosts, which involves a lot of intricacies. As a result, this posts gives some insights on Kubernetes networking.

Introductory post on how to configure RBAC in Kubernetes.

Learn what etcd is, and what you should be monitoring for to ensure your services perform as expected.

A tale of an escape out of a docker container by circumventing an ad-hoc reverse proxy that was supposed to prevent abuse of "docker.sock" file exposure.

How to create an Amazon Cognito User Pool with a test user and authenticate to an HTTP API (backed by API Gateway) using a JWT token issued by Cognito.

Quick way to get started with testing out Microsoft's security products, using a lab built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC).

Bring AWS SSO-based credentials to the AWS SDKs until they have proper support.

kube-prometheus is a repository collecting Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring using the Prometheus Operator.

CLI tool for linting and testing Helm charts.

Event driven architecture for antivirus file scanning for Amazon S3 buckets.

Tunshell is a simple and secure method to remote shell into ephemeral environments such as deployment pipelines or serverless functions.

SpaceSiren is a honey token manager and alert system for AWS.

EKS now supports containerized applications that require access to EC2 instance metadata using the IMDSv2 format. IMDSv2 is an enhancement to instance metadata access that requires session-oriented requests to add defense in depth against unauthorized metadata access.

Route 53 has launched a new feature called Route 53 Resolver Query Logs, which allows to log all DNS queries made by resources within a VPC.

Public IPs have always been an easy attack surface, but GCP just released a new feature that lets you use Org Policies to limit IP creation.

Curation of many Azure Security Center (ASC) resources, organized in a format that can help you to go from absolutely no knowledge in ASC, to design and implement different scenarios. You can use this blog post as a training roadmap to learn more about Azure Security Center.

Collection of resources that walks you through the Azure Sentinel level 400 training and help you become more proficient with Azure Sentinel.