Currently Working On
Currently, my areas of focus are two: cloud native tech and red teaming. Here is a short list of what I’m currently working on in my spare time.
- Cloud Native Tech
- Cloud Security (AWS, Azure, GCP)
- Container Security (docker, kubernetes)
- So I Heard You Want to Learn Kubernetes -- An attempt to demystify the perception by which Kubernetes is believed to be too hard to even get started, by walking through the journey I undertook to get the basics first, and later to focus on the security aspects.
- My Arsenal of Cloud Native (Security) Tools -- A curated list of (security) tools that can help assessing the security of AWS, Docker, Kubernetes, and even Git repositories.
- Docker + Consul + Vault: A Practical Guide -- How to use docker-compose to spin up a Vault instance backed by Consul.
- Offensive Infrastructure with Modern Technologies -- An N-part blog post series, to record my journey and the lessons learned while building a secure, disposable, and completely automated infrastructure to be used in offensive operations.
- Red Teaming Mind Map from The Hacker Playbook 3 -- A high-level mind map to summarize all the techniques/tools covered by Peter Kim’s book.
- Offensive ELK -- Custom Elasticsearch setup, aiming to show how traditional defensive tools can be effectively used for offensive security data analysis, helping your team collaborate and triage scan results.
- GoScan -- An interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.
- Robtex-Go -- A library that provides a little wrapper over such APIs, and can be quickly integrated in any other Go codebase.