Archives

Last week was the first public release of vpc-vpn-pivot , a tool that allows you to connect to private VPC subnets using an AWS Client VPN. I created this tool to allow penetration testers to [...]

Just published the white-paper for my latest research: Internet-Scale analysis of AWS Cognito Security. The white-paper contains the methodology and results of an internet-scale security analysis [...]

Conferences. We have plenty of them these days, good and bad, underground and business-focused, small, large and extra large. When you are young and start attending conferences all you care about [...]

New to AWS security? Want to learn more about AWS hacking techniques? You should definitely attend my “Intro to AWS Hacking” training at Ekoparty Los Angeles! The training was [...]

Will and I have teamed up to bring you the Web Application Hacker Level-up Lab at Black Hat USA 2019! This hands-on course is designed for hungry intermediate+ penetration testers and seasoned [...]

Cloud computing provider will suffer major breach And we’ll all reconsider running our most business-critical applications and storing our unencrypted information in the cloud. The hack [...]

I’m hooked on cloud security, it has a little bit of everything: network security, application security, automation and DevOps . One of my latest cloud security assessments was on a huge [...]

As an external consultant that focuses on application penetration testing I’m not usually invited to application design, business logic discussions or threat modelling sessions. A few weeks [...]