High Signal Security
Home
About
CFPs
2024
August 27, 2024
Industrial IAM Service Role Creation
August 16, 2024
An AWS IAM Security Tooling Reference [2024]
August 13, 2024
π [Tracebit] Canary Infrastructure vs. Real World TTPs
July 31, 2024
Poisoning the SSM Command Document Well
July 30, 2024
Flying Prompt Airlines
July 23, 2024
π [CrowdAlert] Tips for SOCLess Oncall
July 16, 2024
π [Tracebit] A hard look at GuardDuty shortcomings
July 12, 2024
Thwacking DDOS with AWS WAF
July 09, 2024
π [tweet] Minor security disclosure in RDS Snapshot Public Sharing
June 26, 2024
Publicly Exposed AWS SSM Command Documents
June 21, 2024
AWS OIDC Provider Enumeration
June 18, 2024
π [fwd:cloudsec] The Path to Zero Touch Production
June 12, 2024
π [tl;dr sec] Sub-Venture Scale Security Problems
June 10, 2024
Building to Prevent Subdomain Takeovers
June 05, 2024
π [tl;dr sec] The Race to Make a Business of Secure Defaults
June 03, 2024
What happened to RASP?
May 29, 2024
π [tl;dr sec] Donβt Security Engineer Asymmetric Workloads
May 28, 2024
π [Venture in Security] Challenges in Security Engineering Programs
May 24, 2024
Publicly Exposed AWS Document DB Snapshots
May 15, 2024
π [tl;dr sec] Wiring a Winning Security Organization
May 13, 2024
*AST and *SPM: Acquisition Magnets
May 01, 2024
π [tl;dr sec] open source - prompt-injection-defenses
April 29, 2024
Semgrep for Terraform Security
April 25, 2024
Intentionally Leaking AWS Access Keys - GitLab
April 24, 2024
π Security is a Team Sport
April 21, 2024
10 Things Your First Security Hire Shouldnβt Do
April 10, 2024
π [tl;dr sec] open source - awesome-secure-defaults
April 10, 2024
π [Venture in Security] Customer Love
April 01, 2024
Deciding on S3 Intelligent Tiering
February 25, 2024
The state of ABAC on AWS (in 2024)
February 14, 2024
Did your research: Prior Art for "15 ideas for cloud security research"
2023
December 09, 2023
Steampipe + Access Advisor
December 05, 2023
Quick Tip: Minimizing Terraformed SCPs
November 07, 2023
A History of Human Interaction Proofs
October 20, 2023
AWS SES Verification Phishing: A Fifth Way
August 03, 2023
Risk in AWS SSM Port Forwarding
July 25, 2023
Shipping RDS IAM Authentication (with a bastion host & SSM)
July 10, 2023
π [tl;dr sec] How to securely build product features using AI APIs
June 12, 2023
π [fwd:cloudsec] Beyond the AWS Security Maturity Roadmap
April 29, 2023
π BSidesSF 2023 Panel (video)
April 20, 2023
π [Return on Security] Signal v. Noise in the RSA Innovation Sandbox
March 29, 2023
A Guide to S3 Logging
March 07, 2023
Reducing Attack Surface with AWS Allowlisting
January 18, 2023
π Startup Security Starter Pack
January 18, 2023
π AWS Lambda Risks and Threats
January 17, 2023
AWS Could Do More About SSO Device Auth Phishing
2022
December 24, 2022
AWS Phishing: Four Ways
December 22, 2022
π [Datadog Security Labs] A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins
December 06, 2022
π [tl;dr sec] StaffEng Security Stories
December 06, 2022
π [tl;dr sec] Buying Security
November 23, 2022
π Breach List Database
July 31, 2022
Removing sensitive data from a Github repository
June 04, 2022
Buying Security: Bibliography
May 15, 2022
OWASP DevSlop: AWS (Customer) Security Incidents [2022]
February 03, 2022
[Cedar] Defining Cedar's Security Values
2021
August 24, 2021
[tl;dr sec] Cloud Security Orienteering
August 08, 2021
[DEFCON Cloud Village] Cloud Security Orienteering
2020
November 14, 2020
[BSidesCT] Learning from AWS (Customer) Security Incidents
September 26, 2020
[BSides Boston] AWS Security - Easy Wins and Enterprise Scale
August 18, 2020
An AWS IAM Security Tooling Reference
July 11, 2020
π [NCC Group] An offensive guide to the Authorization Code grant
July 03, 2020
Path to CCSK: Security Guidance v4 (Domains 1-7)
July 02, 2020
Path to CCSK: ENISA
April 28, 2020
Brandeis MS in Information Security Leadership
April 28, 2020
π [NCC Group] The Extended AWS Security Ramp-Up Guide
April 18, 2020
$ git blame 4: Quitten/Autorize
2019
November 09, 2019
[BSidesCT] Building Castles in the Cloud: AWS Security and Self-Assessment
October 28, 2019
sadcloud: Templating cloud misconfigurations
October 20, 2019
[BASC] AWS Cloud Security Fundamentals
July 31, 2019
π [NCC Group] Hardening Enterprise Chromebooks Part 3: Chrome Browser Configuration
July 31, 2019
π [NCC Group] Hardening Enterprise Chromebooks Part 2: ChromeOS Hardening
July 29, 2019
π [NCC Group] Hardening Enterprise Chromebooks Part 1: Baseline Security Posture
July 19, 2019
π [NCC Group] One Thousand Misspelled Security Headers
2017
December 07, 2017
Methodology: Learn Android Application Security Testing
December 06, 2017
$ git blame 3: MobSF/Mobile-Security-Framework-MobSF
December 06, 2017
$ git blame 1: michenriksen/bucketlist
December 06, 2017
$ git blame 2: michenriksen/aquatone