Setting up Elastic SIEM (Elasticsearch + Kibana) with secured communication in a VM homelab for experimentation and learning. This guide walks through the configuration and options for assembling a functional SIEM stack to expand upon.
Google Cloud Platform tools for mitigating various potential exploits and vulnerabilities. Dives into securing infrastructure, network protections, application security, and content vulnerabilities. Notes from a Coursera course.
Notes from Steve White’s OWASP PDX talk on modernizing Security for cloud native platforms.
BSides PDX talk by Aaron Parecki: how OAuth works, and various examples of how it has been breached.
XML eXternal Entities: notes from a BSidesPDX talk by @brimy, giving a great introduction to how XXE vulnerabilities operate. Video posted. Added to the OWASP Top 10 in 2017. Entities: HTML “entities” are the usual entry point. &amp; -> & rendered, triggers. XML has user-defined entities: <!ENTITY xml "Extensible Markup Language">, referenced as &xml;. External entities: <!ENTITY chapter1 SYSTEM "chapter1.txt">. Rendering the tag executes a call to find the contents of chapter1.txt and render it. This enables users to execute XML at the rendering phase, and to access and return sensitive data.