January 20, 2020 Marco Lancini Reading time ~22 minutes

Mapping Moving Clouds:
How to stay on top of your ephemeral environments with Cartography

Staying on top of ephemeral environments is a challenge many organizations face. This blog post describes the process we undertook at Thought Machine, a cloud-native company with environments spanning across multiple cloud providers, to identify a solution able to detect, identify, categorize, and visualize all the cloud assets being deployed in an organization.

Starting from what the challenges posed by ephemeral environments are, and continuing with what Cartography is, why it is useful, the high-level design of its deployment, and concluding on how to consume the data it collects. We are also going to open source a set of custom queries and tooling we created to simplify data consumption.

Let’s start by defining what problem we are going to tackle and how Cartography can help with it.

December 15, 2019 Marco Lancini Reading time ~6 minutes

Cross Account Auditing in AWS and GCP

Ever been in the situation where you have dozens (or even more) of AWS accounts and/or GCP projects, and are in need to run a security tool against your entire estate?

In this post I’ll try to summarize what cloud resources (like roles and users) are needed, and how to define them in a manner that safely allows to perform a security audit across a fleet of AWS accounts/GCP projects.

September 14, 2019 Marco Lancini Reading time ~1 minute

Introducing CloudSecList.com

I had an idea bouncing in my mind for a while. Then, last week I, decided to put it out on Twitter to hear what people thought about it.

April 16, 2019 Marco Lancini Reading time ~13 minutes

Deploy Your Own Kubernetes Lab

This post is part of the “Kubernetes Primer for Security Professionals” series, and is going to cover multiple deployment options for a Kubernetes lab, ranging from more lightweight (like running Kubernetes locally) to more realistic ones (like deploying a multi-node cluster) suitable for security research.

February 04, 2019 Marco Lancini Reading time ~29 minutes

Offensive Infrastructure:
the HashiStack

This post is Part 2 of the “Offensive Infrastructure with Modern Technologies” series, and is going to focus on an automated deployment of the HashiCorp stack (i.e., the HashiStack).

Part 1 explained how to configure Consul in both single and multi node deployments using docker-compose, while here I’m going to provide a step-by-step walkthrough that will allow you to automatically deploy the full stack with Ansible.

About

CloudSecList

Projects

Publications

Home

Mapping Moving Clouds:
How to stay on top of your ephemeral environments with Cartography

Cross Account Auditing in AWS and GCP

Introducing CloudSecList.com

Deploy Your Own Kubernetes Lab

Offensive Infrastructure:
the HashiStack

About

Must Read

Kubernetes Primer for Security Professionals

Offensive Infrastructure with Modern Technologies

Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography

Red Teaming Mind Map from The Hacker Playbook 3

Offensive ELK: Elasticsearch for Offensive Security

Recent Articles

Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography

Cross Account Auditing in AWS and GCP

Introducing CloudSecList.com

Deploy Your Own Kubernetes Lab

Offensive Infrastructure: the HashiStack

Tags

Twitter Feed