#security (2018-10)

Archive: https://archive.sweetops.com/security/

2018-10-01

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:02:51 PM

https://github.com/forward3d/garrison

forward3d/garrison

Security, Compliance and Informational Dashboard System - forward3d/garrison

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:03:03 PM
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:06:53 PM

@Daren @Max Moon

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:03:07 PM

looks pretty!

Daren avatar
Daren
06:06:57 PM

@Daren has joined the channel

2018-10-03

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
09:31:43 PM

https://latacora.com/

2018-10-10

endofcake avatar
endofcake
09:29:43 AM

PacBot by T-Mobile for compliance monitoring - potentially useful? Quite heavy weight though, what with Redshift as one of the dependencies. https://github.com/tmobile/pacbot

tmobile/pacbot

PacBot (Policy as Code Bot). Contribute to tmobile/pacbot development by creating an account on GitHub.

Max Moon avatar
Max Moon
02:56:43 PM

not quite as comprehensive but another similar project i was looking at last year: https://github.com/capitalone/cloud-custodian

capitalone/cloud-custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources - capitalone/cloud-custodian

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
03:18:14 PM

a bunch of other security stuff

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
03:18:15 PM

https://www.threatstack.com/blog/22-most-under-used-aws-security-metrics

22 Most Under-Used AWS Security Metrics – Threat Stackattachment image

22 AWS security experts provide insights into important, yet often overlooked AWS security metrics by answering this question:

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
03:18:31 PM

https://www.itnews.com.au/news/iag-open-sources-aws-frameworks-499932

IAG open sources AWS frameworks

Keeps baking security into code creation for cloud.

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
03:18:44 PM

https://www.kitploit.com/2018/08/cloudsploit-scans-aws-security-scanning.html?m=1

CloudSploit Scans - AWS Security Scanning Checksattachment image

Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
03:19:03 PM

https://searchcloudsecurity.techtarget.com/news/252446622/Netflix-launches-tool-for-monitoring-AWS-credentials

Netflix launches tool for monitoring AWS credentialsattachment image

At Black Hat 2018 in Las Vegas, Netflix security engineer William Bengtson explained how his company monitors AWS credentials and introduced a new open source tool, called Trailblazer.

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
03:19:15 PM

https://blogs.wsj.com/cio/2018/07/24/dow-jones-develops-automated-security-tool/

Dow Jones Develops Automated Security Toolattachment image

The new tool, called Hammer, was developed partly in response to the growing need for automation amid talent shortages and the fast-paced nature of software development, said Dow Jones CISO Jaswinder Hayre.

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
03:19:39 PM

https://rhinosecuritylabs.com/aws/aws-iam-enumeration-2-0-bypassing-cloudtrail-logging/

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:37:18 AM

@antonbabenko from the horses mouth: kms-based auto unsealing for vault getting released to open source

2
antonbabenko avatar
antonbabenko
03:38:19 AM

@antonbabenko has joined the channel

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:38:42 AM

Looks like your dream of simplifying module will be made easier

2018-10-11

antonbabenko avatar
antonbabenko
08:00:55 AM

Yes, this sounds like what I have meant. Where did you see it? URL?

antonbabenko avatar
antonbabenko
08:01:35 AM

Thanks everyone for bunch of security links!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
08:14:13 AM

(Meetup today / presenter was from hashicorp)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
08:14:32 AM

Expect announcement at hashiconf

antonbabenko avatar
antonbabenko
08:18:14 AM

Ahh, I thought it is there already. Yes, I know, there will be few exciting things announced there. Looking forward to it

mrwacky avatar
mrwacky
11:04:33 PM

@Gabe - of course you’re already here wave

1
Gabe avatar
Gabe
11:05:34 PM

wave

Gabe avatar
Gabe
11:06:48 PM

it’s where i saw pacbot

Gabe avatar
Gabe
11:06:51 PM

@endofcake have you used it?

Gabe avatar
Gabe
11:06:56 PM

any thoughts/opinions?

endofcake avatar
endofcake
11:09:55 PM

PacBot was released on Oct 5. Today is Oct 12. No, I haven’t used it, @Gabe.

1
antonbabenko avatar
antonbabenko
08:24:43 AM

What did you do the whole week???

endofcake avatar
endofcake
04:49:21 AM

I’ve been loafing, clearly )

Gabe avatar
Gabe
11:12:04 PM

Ohhh… didn’t realize it was that new

2018-10-12

samh avatar
samh
10:30:05 PM

@samh has joined the channel

2018-10-21

lvh avatar
lvh
11:54:27 PM

    keyboard_arrow_up