Thread by @clintgibler, tl;dr sec #30* @csima @Scott_Helme on securing your home network* @libber lessons [...]

tl;dr sec #30
* @csima @Scott_Helme on securing your home network
* @libber lessons learned from running Facebook & Uber's #bugbounty program
* @0xdabbad00 gotchas in setting up isolated networks in #AWS
* @alsmola on IAM global condition context keys https://tldrsec.com/blog/tldr-sec-030/

[tl;dr sec] #30 - Securing Your Home Network, ATT&CK for Kubernetes, Google on Building Secure...

How to secure your home WiFi network, Microsoft releases ATT&CK matrix for Kubernetes, free 550+ page book by Google’s SREs on building secure systems.

https://tldrsec.com/blog/tldr-sec-030/

As many of us are working from home these days, I found these posts by @csima and @Scott_Helme useful:

https://medium.com/@csima/how-i-protected-my-home-network-66797536a3cc https://scotthelme.co.uk/securing-your-home-network-for-wfh/

Securing your home network in preparation for Working From Home

I'm fortunate to have spent the last few years either working from home or travelling the World doing training, consultancy and public speaking. With the recent Coronavirus epidemic having quite...

https://medium.com/@csima/how-i-protected-my-home-network-66797536a3cc

Some high quality, free security resources:

Stanford released the videos, slides, reading material, and course assignments for their Web Security course:
https://web.stanford.edu/class/cs253/

Google released a 550+ page book on Building Secure & Reliable Systems
https://landing.google.com/sre/books/

@0xdabbad00 gotchas in setting up isolated networks in AWS
https://summitroute.com/blog/2020/03/31/isolated_networks_on_aws/

@alsmola Fine-tuning access with IAM global condition context keys https://medium.com/@alsmola/fine-tuning-access-with-aws-iam-global-condition-context-keys-784d6374ee

Fine-tuning access with AWS IAM global condition context keys

IAM policies answer the question “who gets access to what?”, IAM policy conditions answer the question “who gets access to what, when?”.

https://summitroute.com/blog/2020/03/31/isolated_networks_on_aws/

Using Vault with #Kubernetes
https://medium.com/hashicorp-engineering/hashicorp-vault-delivering-secrets-with-kubernetes-1b358c03b2a3

ATT&CK Matrix for Kubernetes
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/

Does DNS over HTTP affect DNS rebinding? @sanktjodel & @gerald_doussot investigate
https://research.nccgroup.com/2020/03/30/impact-of-dns-over-https-doh-on-dns-rebinding-attacks/

Get #dns results easily in JSON

$ curl -H "accept: application/dns-json" \\
" https://cloudflare-dns.com/dns-query?name=nccgroup.com&type=A"

Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks

DNS over HTTPS (DoH) is a new protocol to perform DNS resolution over HTTPS. It has been in the news recently as Google and Mozilla have both implemented DoH in Chrome and Firefox respectively. DoH…

https://research.nccgroup.com/2020/03/30/impact-of-dns-over-https-doh-on-dns-rebinding-attacks/

Running a #bugbounty master class by @libber
http://collingreene.com/5_years_of_bug_bounty.html

Stats from 1,300 phishing campaigns
https://research.nccgroup.com/2020/04/03/crave-the-data-statistics-from-1300-phishing-campaigns/

Regardless of sector, 50% of people who click a link will supply credentials

Crave the Data: Statistics from 1,300 Phishing Campaigns

tl;dr 1,300 phishing campaigns were analysed involving over 360,000 usersTargets in Charities to be over 3 times more likely to click than the Health SectorHowever once clicked half of all targets …

http://collingreene.com/5_years_of_bug_bounty.html

If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:

Summaries of great security talks