Taming the Jungle: Hardening your AWS infrastructure

After nine tutorials, sixteen posts on stack overflow, and several hours or workweeks of effort you’ve finally done it. You’ve finally got something in Amazon Web Services (AWS) to work as expected. It could have been something as simple as a static hosted site, or as complicated as a massive blockchain distributed machine learning web …

Taming the Jungle: Hardening your AWS infrastructure Read More »

10 Tips for Engaging a Security Services Vendor

The Information Security market brought in an estimated $167 billion in 2019 and that’s expected to double in the next 4-5 years according to some estimates. With that huge growth comes an avalanche of security companies promising to fix all of your cyber worries. Some of them offer amazing services with fantastic value. Others, not …

10 Tips for Engaging a Security Services Vendor Read More »

Automating Red Team Homelabs: Part 2 – Build, Pentest, Destroy, and Repeat

As of 2019-05-14 the Funny Stories section has been updated. Now that we understand what the goal is from my first blog post, we can move into the good stuff! The packer build process is pretty much the whole reason I embarked on this journey of automation. I got tired of installing kali from an …

Automating Red Team Homelabs: Part 2 – Build, Pentest, Destroy, and Repeat Read More »

Better API Penetration Testing with Postman – Part 3

In Part 1 of this series, we got started with Postman and generally creating collections and requests. In Part 2, we set Postman to proxy through Burp Suite, so that we could use its fuzzing and request tampering facilities. In this part, we will dig into some slightly more advanced functionality in Postman that you …

Better API Penetration Testing with Postman – Part 3 Read More »

We take security seriously and other trite statements

Earlier this week, Secure Ideas sent an initial notification regarding an incident targeting us that took place at a vendor. The initial notification email is available at: https://training.secureideas.com/newsletter/aom-incident-notification/).We promised at that time to release more details as soon as we collected them and better understood the situation.  In this blog post, we share what we …

We take security seriously and other trite statements Read More »

Scroll to Top