Let’s say you’ve deployed a static site on our AWS account using Cloudfront and S3, such as described in Automated Static Site Deployment in AWS Using Terraform. When it comes time to update its content or tweak some settings, using an all-powerful AWS admin account is bad security practice (not…

In a prior post I described how to detection potential Log4shell ( CVE-2021–44228) exploitation by looking for patterns in a Java process’ write() or sendto() buffer in LDAP and RMI connections. One limitation of this is that it matches on text in the buffer. The good news is that as…

This article describes one way to detect the PwnKit ( CVE-2021–4034), a privilege escalation vulnerability on polkit’s pkexec utility. As with the previous post, we are using Falco for detection and Sysdig for analysis. Resources Qualys report PoC by berdav PoC by ly4k Premise Based on the Qualys report, this exploit depends…

This is a write-up about detecting exploitation of the Log4Shell vulnerability ( CVE-2021–44228) in Log4j by monitoring specific syscalls using Falco. This post also describes the analysis I employed to arrive at my conclusions. Note that this is not meant to be an end-all detection for Log4Shell but instead one…

This is a quick and reusable way to deploy an AWS-hosted environment for static sites generated by the likes of Hugo and Jekyll. The code is written in Terraform, which allows us to set up (and tear down, if needed) all the necessary components just by running a few commands. …