Learn how to cost effectively implement zero trust basics for small businesses and home users. Syncing on Zero Trust The term Zero Trust has different meanings and scopes across the industry. While we can generally blame this on yet another marketing term; the truth is that this concept and architecture wasn’t really possible to…

Learn how to use Cloud Custodian to automatically secure your AWS account using easy to use policies for free. Anyone who has ever used Amazon Web Services (AWS) knows that there are some great automated secure features like AWS Config. The downside is that depending on how busy your account(s)…

Learn how to create your own symmetric key encryption in Python 3 to evade antivirus controls, high entropy detection, and utilize a initialization vector — During a typical penetration testing engagement; I’ve often run into issues trying basic encoding or encryption techniques even with live off the land binaries (LOLbins) due to more aggressive endpoint security. Some customers are taking note of typical base64, RC4, and other commonly utilized encryption and or obfuscation techniques for…

Use AWS CDK to create secure CI/CD pipelines and scan code before a deployment. — As a former Security Consultant at AWS, I often get asked something along the lines of: “How do we ensure CI/CD pipelines are secure and how do we validate security before an app is ever deployed?” …

TL;DR I passed. These are tips to help you prepare for the GSE labs to be used with Parts 1 and 2 of my previous articles. If you came here looking for deep technical tutorials. Stay tuned to future articles. I’m allowed one “non-technical” article. Refresher For…

Learn how to securely refresh AWS access sessions quickly and free without the trouble of requiring federation for smaller environments — I used to work at Amazon Web Services (AWS) as a Security Consultant. One of our many duties were to ensure that clients and our own DevOps and Data Scientist teams were using short-lived credentials. For many of our junior members and newer customers, this was typically a tall order…

Learn how to deploy and simulate PACS systems with DICOM image transfers, troubleshooting, and understand security implications of each modality. — In this tutorial we’ll be covering how to setup and deploy a small medical imaging client-server based network using a combination of free and open source tools. In addition, we’ll troubleshoot some common interoperability issues between such systems; and also provide recommendations for Health Information Technology (HIT) professionals.