Elastic Stack SIEM Homelab

Setting up Elastic SIEM [Elasticsearch + Kibana] with secured communication in a VM homelab for experimentation and learning. This guide walks through configuration and options to assemble a functional SIEM stack to expand upon.

GCP: Mitigating Security Vulnerabilities

Google Cloud Platform tools to mitigate various potential exploits and vulnerabilities. Dives into securing infrastructure, network protections, application security, and content vulnerabilities. Notes from Coursera course.

GCP: Managing Security Course

Notes from Coursera ‘Managing Security in GCP’ course.

Cloud Native Security

Notes from Steve White’s OWASP PDX talk on modernizing security for cloud native platforms.

How to Hack OAuth

BSides PDX talk by Aaron Parecki. How OAuth works, and various examples of how it has been breached.

XXE For Dummies

XML eXternal Entities. Notes from the BSidesPDX talk by @brimy, giving a great introduction to how XXE vulnerabilities operate. Video posted. Added to the OWASP Top 10 in 2017.

Entities: HTML “entities” are the usual entry point. &amp; -> & rendered, triggers. XML has user-defined entities: <!ENTITY xml "Extensible Markup Language"> referenced as &xml;

External Entities: <!ENTITY chapter1 SYSTEM "chapter1.txt"> Rendering the tag executes a call to find the contents of chapter1.txt and render it. This enables users to execute XML at the rendering phase, and to access and return sensitive data.