July 09, 2021 Marco Lancini Reading time ~9 minutes

Automated GDrive Backups with ECS and S3

Over the past couple of weeks, I started thinking a bit more about adding resiliency to my personal projects and accounts.

In a previous post (“Automated Github Backups with ECS and S3”) I started by taking a look at how to back up my Github data. In this blog post, instead, I’m going to focus on GDrive, since it is where I store the majority of my personal data.

June 25, 2021 Marco Lancini Reading time ~7 minutes

Automated Github Backups with ECS and S3

Over the past couple of weeks, I started thinking a bit more about adding resiliency to my personal projects and accounts. You can follow my entire thought process on Twitter (see the embedded Tweet below), but in this blog post I’m going to focus on Github.

Following AWS, the second most critical service for my projects is Github: 90% of my code is stored there (mostly in private projects), and I have to admit I never took a backup of this data.

So I finally decided to set some time aside to set up an automated process to backup my Github account, and I ended up relying on ECS (Fargate) and S3 Glacier. This blog explains the architecture and implications of the final setup I decided to go with.

May 18, 2021 Marco Lancini Reading time ~12 minutes

On Establishing a Cloud Security Program

Congratulations! You have been tasked with establishing a cloud security strategy. Now what?

In this post, I’m going to walk through actionable advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based, offering.

April 25, 2021 Marco Lancini Reading time ~1 minute

Automating Cartography Deployments on Kubernetes

In “Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography” I described the process I undertook to deploy Cartography in a multi-cloud environment, from inception to self-service dashboards for data consumption.

Now, I’m going to open source an automated process to get Neo4J and Cartography up and running in a Kubernetes cluster, using HashiCorp Vault as a secrets management engine.

March 30, 2021 Marco Lancini Reading time ~19 minutes

Kubernetes Lab on Baremetal

In “Deploy Your Own Kubernetes Lab” I covered multiple deployment options for a Kubernetes lab, ranging from more lightweight (like running Kubernetes locally) to more realistic ones (like deploying a multi-node cluster) suitable for security research.

In this blog post, I’m going to detail the steps I took to deploy my own Kubernetes Lab on baremetal, and on an Intel NUC in particular.

Previous Articles

2021-03-17	Security Logging in Cloud Environments - GCP MUST READ
2021-02-26	A Quick Look at GKE Autopilot (in 15 minutes)
2021-02-22	Security Logging in Cloud Environments - AWS MUST READ
2020-12-12	Semgrep for Cloud Security
2020-10-19	Introducing CloudSecDocs.com
2020-09-16	Domain-Wide Delegation of Authority in GSuite
2020-09-04	Tracking Moving Clouds: How to continuously track cloud assets with Cartography MUST READ
2020-07-23	So I Heard You Want to Learn Kafka MUST READ
2020-06-30	The Current State of Kubernetes Threat Modelling MUST READ
2020-06-17	Building a Serverless Mailing List in AWS
2020-04-14	My Blogging Stack
2020-03-22	Remote Development with a Chromebook in 2020
2020-01-20	Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography MUST READ
2019-12-15	Cross Account Auditing in AWS and GCP
2019-09-14	Introducing CloudSecList.com
2019-04-16	Deploy Your Own Kubernetes Lab
2019-02-04	Offensive Infrastructure: the HashiStack
2018-12-04	Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)
2018-11-18	Red Teaming Mind Map from The Hacker Playbook 3
2018-10-30	My Arsenal of Cloud Native (Security) Tools
2018-10-18	Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)
2018-09-26	So I Heard You Want to Learn Kubernetes MUST READ
2018-09-03	GoScan v2
2018-08-29	Offensive Infrastructure: Introduction to Consul
2018-07-16	Offensive ELK: Elasticsearch for Offensive Security MUST READ
2018-06-07	Robtex-Go: Go Client for the Robtex API
2018-05-18	Introducing GoScan (aka a reason to learn Go)
2018-02-03	Burp Pro as a Docker Container
2017-12-23	Docker + Consul + Vault: A Practical Guide
2017-06-05	Needle meets Jenkins: how to include Needle in your CI pipeline
2017-03-10	Needle v1.0.0 released: new native agent and support for iOS 10
2016-11-25	Needle V0.1.1 Released
2016-11-15	iOS 9: Effective Jailbreak
2016-10-04	Needle V0.0.4 Released
2016-09-14	Needle Status Update
2016-08-17	A quick intro to Needle
2016-08-16	Introducing Needle

Projects & Publications

Blog

About

Automated GDrive Backups with ECS and S3

Automated Github Backups with ECS and S3

On Establishing a Cloud Security Program

Automating Cartography Deployments on Kubernetes

Kubernetes Lab on Baremetal

Previous Articles

About

CloudSec* Projects

Collections

Continuous Visibility into Ephemeral Cloud Environments

Kubernetes Primer for Security Professionals

Offensive Infrastructure with Modern Technologies

Must Read

On Establishing a Cloud Security Program

Security Logging in Cloud Environments - GCP

Security Logging in Cloud Environments - AWS

Tracking Moving Clouds: How to continuously track cloud assets with Cartography

So I Heard You Want to Learn Kafka

The Current State of Kubernetes Threat Modelling

Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography

So I Heard You Want to Learn Kubernetes

Offensive ELK: Elasticsearch for Offensive Security

Recent Articles

Automated GDrive Backups with ECS and S3

Automated Github Backups with ECS and S3

On Establishing a Cloud Security Program

Automating Cartography Deployments on Kubernetes

Kubernetes Lab on Baremetal

Tags

Twitter Feed