Open in app

Sign In

Write

Sign In

Dennis Chow
Dennis Chow

341 Followers

Home

About

Published in ScaleSec

·Pinned

Red Team Payload with Go and GCP

Introduction It’s no secret that offensive security professionals leverage the cloud for its abundant compute resources. Yet, many penetration testers and red teams only leverage a fraction of the cloud by installing their tooling on virtual machine instances for hash cracking, basic scanning and exploit delivery. Once in a while you…

Gcp

11 min read

Red Team Payload with Go and GCP
Red Team Payload with Go and GCP
Gcp

11 min read


Published in ScaleSec

·Pinned

Refactoring by Example for Security Engineers

Introduction As enterprises migrate more workloads into the cloud, security engineering teams can also benefit from adjusting their tools and workflows to take advantage of the lower cost of ownership and scalability that cloud brings. …

Cloud Security

13 min read

Refactoring by Example for Security Engineers
Refactoring by Example for Security Engineers
Cloud Security

13 min read


Published in ScaleSec

·Pinned

Exploit SSRF to gain AWS Credentials

In the cloud, it’s common to implement decoupled components that integrate and process client data transparently. Without adequate security controls at each component; multiple vulnerabilities will provide an attack path for threats to exploit. One common path includes vulnerable applications running on AWS EC2 with default instance metadata services (IMDS)…

Aws Ec 2

7 min read

Exploit SSRF to gain AWS Credentials
Exploit SSRF to gain AWS Credentials
Aws Ec 2

7 min read


Published in The Startup

·Pinned

Create Your Own Custom Encryption in Python

Learn how to create your own symmetric key encryption in Python 3 to evade antivirus controls, high entropy detection, and utilize a initialization vector — During a typical penetration testing engagement; I’ve often run into issues trying basic encoding or encryption techniques even with live off the land binaries (LOLbins) due to more aggressive endpoint security. …

Security

16 min read

Create Your Own Custom Encryption in Python
Create Your Own Custom Encryption in Python
Security

16 min read


Published in Towards Data Science

·Pinned

Leverage AWS Pipelines to enable DevSecOps

Use AWS CDK to create secure CI/CD pipelines and scan code before a deployment. — As a former Security Consultant at AWS, I often get asked something along the lines of: “How do we ensure CI/CD pipelines are secure and how do we validate security before an app is ever deployed?” …

AWS

9 min read

Leverage AWS Pipelines to enable DevSecOps
Leverage AWS Pipelines to enable DevSecOps
AWS

9 min read


Published in DataDrivenInvestor

·Jul 16, 2022

Study Guide For The GSE (GIAC Security Expert): Part 3

TL;DR I passed. These are tips to help you prepare for the GSE labs to be used with Parts 1 and 2 of my previous articles. If you came here looking for deep technical tutorials. Stay tuned to future articles. I’m allowed one “non-technical” article. Refresher For those catching up, I have…

Giac

5 min read

Study Guide For The GSE (GIAC Security Expert): Part 3
Study Guide For The GSE (GIAC Security Expert): Part 3
Giac

5 min read


Published in Top of the OPS

·Jun 27, 2022

A Beginner Friendly Introduction to Pipelines and Terraform

Learn to bootstrap Infrastructure as Code through a CI/CD pipeline in AWS using Terraform, Github, Snyk, and Leapp. Whether you’re in a large or small dev shop; continuous integration and continuous deployment (CI/CD) pipelines in tandem with Infrastructure as Code (IaC) are mission critical. One of the most common things…

Terraform

18 min read

A Beginner Friendly Introduction to Pipelines and Terraform
A Beginner Friendly Introduction to Pipelines and Terraform
Terraform

18 min read


Published in DataDrivenInvestor

·May 28, 2022

Kickstart Zero Trust for Free

Learn how to cost effectively implement zero trust basics for small businesses and home users. Syncing on Zero Trust The term Zero Trust has different meanings and scopes across the industry. While we can generally blame this on yet another marketing term; the truth is that this concept and architecture wasn’t really possible to…

Zero Trust

22 min read

Kickstart Zero Trust for Free
Kickstart Zero Trust for Free
Zero Trust

22 min read


Published in ScaleSec

·May 20, 2022

Implementing Secure Code in the Cloud

As customers develop and migrate their workloads to the cloud, including refactoring to use serverless technologies, application layer security is more critical than ever. Access, encryption, and web application firewalls (WAF) are the usual controls mentioned for many cloud solutions. However, none of those are focused on code specific protections…

AWS Lambda

8 min read

Implementing Secure Code in the Cloud
Implementing Secure Code in the Cloud
AWS Lambda

8 min read


Published in Towards Data Science

·Nov 7, 2021

Automate Security in AWS using Cloud Custodian

Learn how to use Cloud Custodian to automatically secure your AWS account using easy to use policies for free. Anyone who has ever used Amazon Web Services (AWS) knows that there are some great automated secure features like AWS Config. The downside is that depending on how busy your account(s)…

AWS

4 min read

Use Cloud Custodian to Automate Security in Amazon Web Services
Use Cloud Custodian to Automate Security in Amazon Web Services
AWS

4 min read

Dennis Chow

Dennis Chow

341 Followers

Security Practitioner | USAF Veteran *Opinions are my own

Following
  • Teri Radichel

    Teri Radichel

  • Cloudmersive

    Cloudmersive

  • Qwiklabs

    Qwiklabs

  • Ng Wai Foong

    Ng Wai Foong

  • ukyen

    ukyen

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech