* @csima @Scott_Helme on securing your home network
* @libber lessons learned from running Facebook & Uber's #bugbounty program
* @0xdabbad00 gotchas in setting up isolated networks in #AWS
* @alsmola on IAM global condition context keys https://tldrsec.com/blog/tldr-sec-030/
As many of us are working from home these days, I found these posts by @csima and @Scott_Helme useful:
https://medium.com/@csima/how-i-protected-my-home-network-66797536a3cc
https://scotthelme.co.uk/securing-your-home-network-for-wfh/
Some high quality, free security resources:
Stanford released the videos, slides, reading material, and course assignments for their Web Security course:
https://web.stanford.edu/class/cs253/
Google released a 550+ page book on Building Secure & Reliable Systems:
https://landing.google.com/sre/books/
@0xdabbad00 gotchas in setting up isolated networks in AWS
https://summitroute.com/blog/2020/03/31/isolated_networks_on_aws/
@alsmola Fine-tuning access with IAM global condition context keys
https://medium.com/@alsmola/fine-tuning-access-with-aws-iam-global-condition-context-keys-784d6374ee
Using Vault with #Kubernetes
https://medium.com/hashicorp-engineering/hashicorp-vault-delivering-secrets-with-kubernetes-1b358c03b2a3
ATT&CK Matrix for Kubernetes
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
Does DNS over HTTP affect DNS rebinding? @sanktjodel & @gerald_doussot investigate
https://research.nccgroup.com/2020/03/30/impact-of-dns-over-https-doh-on-dns-rebinding-attacks/
Get #dns results easily in JSON 🤘
$ curl -H "accept: application/dns-json" \
  "https://cloudflare-dns.com/dns-query?name=nccgroup.com&type=A"
Running a #bugbounty master class by @libber
http://collingreene.com/5_years_of_bug_bounty.html
Stats from 1,300 phishing campaigns
https://research.nccgroup.com/2020/04/03/crave-the-data-statistics-from-1300-phishing-campaigns/
Regardless of sector, 50% of people who click a link will supply credentials 😅
If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:
📚 Summaries of great security talks
🛠️ The latest tools and useful blog posts
🧪 My various research projects
Thanks for reading, have a great day!
😎 https://tldrsec.com/