Elastic Stack SIEM Homelab
Setting up Elastic SIEM[Elasticsearch + Kibana] with secured communication in a VM homelab for experimentation and learning. This guide walks through configuration and options to assemble a functional SIEM stack to expand upon.
GCP: Mitigating Security Vulnerabilities
Google Cloud Platform tools to mitigate various potential exploits and vulnerabilities. Dives into securing infrastructure, Network protections, Application Security, and Content vulnerabilities. Notes from Coursera course.
GCP: Managing Security Course
Notes from Coursera ‘Managing Security in GCP’ course.
Cloud Native Security
Notes from Steve White’s OWASP PDX talk on modernizing Security for cloud native platforms.
How to Hack OAuth
BSides PDX talk by Aaron Parneki. How OAuth works, and various examples of how it has been breached.
XXE For Dummies
XML eXternal Entities Notes from BSidesPDX talk by @brimy; giving a great introduction on how XXE vulnerabilities operate. Video posted Added to the OWASP 10 in 2017 Entities HTML “Entities” are the usual entrypoint. & -> & rendered, triggers. XML has User-Defined Entities <!eNTITY xml “Extensible Markup Language”> %xml;External Entities <!ENTITY chapter1 SYSTEM "chapter1.txt"> Tag rendering executes call to find the contents of chapter1.txt and render it. Enables users to execute XML at the rendering phase, and access and return sensitive data.