Learn how to create your own symmetric key encryption in Python 3 to evade antivirus controls, high entropy detection, and utilize a initialization vector — During a typical penetration testing engagement; I’ve often run into issues trying basic encoding or encryption techniques even with live off the land binaries (LOLbins) due to more aggressive endpoint security. …

Use AWS CDK to create secure CI/CD pipelines and scan code before a deployment. — As a former Security Consultant at AWS, I often get asked something along the lines of: “How do we ensure CI/CD pipelines are secure and how do we validate security before an app is ever deployed?” …

TL;DR I passed. These are tips to help you prepare for the GSE labs to be used with Parts 1 and 2 of my previous articles. If you came here looking for deep technical tutorials. Stay tuned to future articles. I’m allowed one “non-technical” article. Refresher For those catching up, I have…

Learn to bootstrap Infrastructure as Code through a CI/CD pipeline in AWS using Terraform, Github, Snyk, and Leapp. Whether you’re in a large or small dev shop; continuous integration and continuous deployment (CI/CD) pipelines in tandem with Infrastructure as Code (IaC) are mission critical. One of the most common things…

Learn how to cost effectively implement zero trust basics for small businesses and home users. Syncing on Zero Trust The term Zero Trust has different meanings and scopes across the industry. While we can generally blame this on yet another marketing term; the truth is that this concept and architecture wasn’t really possible to…

Learn how to use Cloud Custodian to automatically secure your AWS account using easy to use policies for free. Anyone who has ever used Amazon Web Services (AWS) knows that there are some great automated secure features like AWS Config. The downside is that depending on how busy your account(s)…