sadcloud: Templating cloud misconfigurations

less than 1 minute read

For posterity and discoverability, I’m syndicating all of my public work for NCC Group to this personal blog.

I built a Terraform-based tool for standing up intentionally insecure cloud environments.

Links

The announcement post can be found on the NCC Group blog.

sadcloud can be found on the NCC Group github.

Twitter Facebook LinkedIn

A History of Human Interaction Proofs

8 minute read

On Sequoia Capital’s Crucible Moments podcast, Paypal co-founder Max Levchin recounted the company’s early struggle to combat fraud. Their breakthrough came ...

AWS SES Verification Phishing: A Fifth Way

1 minute read

I previously shared four different AWS specific phishing attacks: Credential Phishing Device Authentication Phishing CloudFormation Stack Phishing A...

Risk in AWS SSM Port Forwarding

4 minute read

I recently stumbled on a suprising AWS Systems Manager Session Manager (SSM) default that can introduce risk, especially for customers using SSM’s Port Forwa...

Shipping RDS IAM Authentication (with a bastion host & SSM)