Have you ever heard of these things called Managed Service Accounts? They allow you to run programs as an account that doesn't require a password while still having the security of a strong password. They're pretty neat.

CI/CD on AWS

The new version of the Microsoft CISO workshop is out! We updated all of the content and recorded 16 videos (~4 hours total) covering learnings and best practices for security programs and strategies (metrics, maturity models, Zero Trust and much more) aka.ms/CISOWorkshop

Vendor: "Please have your DNS provider contact us." Me: "I'm my DNS provider." V: "No, the people who run the nameservers." Me: "I run my nameserver." V: "No not the data entry part, the people who actually provide the DNS service." Me: "I do it. On a server." V: "No, ...."

Shout-out to everyone on-call, but still trying to have a "normal" weekend:

🔥 New Post: Announcing InAppBrowser - see what JavaScript commands get injected through an in-app browser 👀 TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps. krausefx.com/blog/announcin…

Tales from a recent pentest of a product hosted on the AWS cloud backed by Kubernetes (EKS) and a whole lot of secure design goodness that withstood the attack attempts ➤ blog.appsecco.com/hacking-an-aws…

THEY BLAMED THE FIREWALL AND THE NETWORK! I SPENT HOURS TAKING PCAPS AND ANALYZING THEM AND DETERMINED IT WAS AN APPLICATION MISCONFIGURATION! TURNS OUT THE DEVELOPER HAD JUST MADE A CHANGE AND THAT'S WHY THE APP WAS FAILING! BUT DO YOU THINK I GOT ANY THANKS???

When dealing with Time Series databases, I always got confused with Sample vs Metrics vs Cardinality. Here's a thread to offer an explanation as I have understood it. 🧵

How the CNCF think you should be using all the tools from their landscape

Tribal knowledge at a company is a strange thing. Want to set up SSO for an application? Well, you will need to talk to enough elders until you find the one who was able to successfully appease the goat god four years ago. Hope that person wrote some notes down in an email.

Explaining programming to a 6-year-old: 1. You have something you want to do. 2. You write code to do it. 3. The code doesn’t work. 4. You fix the mistakes. 5. When the program works, you realize your idea was wrong. 6. You fix the idea. 7. Goto 2.

Today, Amazon is excited to #opensource a key technology that powers EventBridge. Event Ruler is a Java library that allows you to build apps that can match any number of rules against events at several hundred thousand events per second. #AWS go.aws/3x02Tat

#ADCS (Active Directory Certificate Services) can be exploited to escalate privs. ESC1 (escalation technique 1) is when a certificate template permits Client Authentication and allows the enrollee to supply an arbitrary Subject Alternative Name (SAN) 👏LuemmelSec

new little song: "The Re-Org Rag (I'm My Own VP)"

debugging strategy: make sure your code is running

Happy birthday to me! My codebase is ten years old, as of today: github.com/prometheus/pro… Today, the PromCon 2022 EU videos were released: youtube.com/watch?v=2Wlza5… Finally, you should follow me on Mastodon: chaos.social/@prometheus

OpenAI ChatGPT is now an AWS Certified Cloud Practitioner! This is crazy🤯 It attempted 20 questions of my AWS Certified Cloud Practitioner practice exams. The results are bluffing!!! Final score: 800/1000; a pass is 720

A must read for SREs: What every SRE should know about file descriptors, pipes, terminals, user sessions, process groups and daemons 🤯 biriukov.dev/docs/fd-pipe-s… by Viacheslav Biriukov

good morning and welcome to 2023