How some Let's Encrypt renewal failures pointed to an AWS traffic hijacking issue
tl;dr A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP assigned to me, effectively hijacking my AWS-sourced traffic.
Mangatepopo to Waihohonu to Whangaehu to Iwikau Notes, photos, and maps from a few days in the Aotearoa mountains
What's the word for a large collection of fraudulent web stores? It started simply enough...
Using Cosign (and Vault and Fulcio and Rekor) to sign binaries Code signing, what is it good for?
Scones scones scones One way to pass time during a pandemic
select * from cloud; with Steampipe A SQL-like abstraction over all your cloudy things
Programmatic Terraform config manipulation, Semgrep's autofix, and an example of OSS contribution A story of cloud, automation, but mostly just contributing to open source - in several acts
Severity ratings should mean something Perhaps we do not share the same definition of "critical"?
Automating security things with GitHub Actions "Give a small boy a hammer and he will find that everything he encounters needs a pounding."
Living the Mitsubishi JB500 dream (Small camper, big dream.)
Simulated phishing is not so great 1) Don't be a jerk, and 2) consider the alternatives
Going live with Abridge! Sometimes, you just have to take that one step...
Participating in the GitHub token scanning program General impressions, and a little Python to validate the signature on incoming alerts.
Complement my nets Calculating IP range reversals with Python 3's ipaddress
Security, CI/CD, and continuous assurance Automated, low-effort security is the best kind
Post-build DOM manipulation with pyquery I suspect this isn't really how you're supposed to do things, but hey.. works for me
Listing O365 group members Powershell is an ugly hammer but it occasionally drives a nail effectively, or at least saves a bunch of copy-paste-reformat busy-work
Startups and security questionnaires Get me off this never-ending hamster wheel of pain
Generating weekly O365-hosted mailbox statistics Getting incoming message counts out of Exchange Online
Security is not a binary thing Balancing, estimation, & trade-offs
Host your own git repository Because you don't always need GitHub to git
Assessing security posture Some open-ended questions
Amazon Linux security updates & needs-restarting Determining if an updated Amazon Linux (or Red Hat / CentOS) system requires a reboot
Startup security Smart decisions in the early stages...
Security's need to be named An argument against DevSecOps (SecDevOps?) & secure development lifecycles
NICUs are amazing Modern medicine & stubborn preemies FTW.
Asynchronous Python with gevent Spamming web servers with HTTP GETs since the mid-2000s.
Productivity inside 13 inches Just say no to multi-monitor madness. Or - at least - be capable of working without it.
HIPAA musings Security regulation that doesn't suck.
Removing metadata from PDF files Dealing with 'informational' risk penetration test findings, one at a time...