Pinned: SCP to restrict AWS regions and the weird behaviour of AWS global services. As a best practice to keep the cost under control and to better manage security, enterprises typically allow access to some AWS regions. (Feb 15, 2023)
Pinned: Load Balance Traffic to Private EC2 instances. Configure AWS Application Load Balancer (ALB) to distribute the HTTP traffic across a set of private EC2 instances present in private… (Feb 14, 2023)
Troubleshooting SSH Connection to an EC2 Instance in AWS. Connecting to an EC2 instance using SSH is one of the most common things I typically do (of course there is a more secure alternative… (Dec 28, 2024)
Adding a Layer of Security Using AWS PrivateLink. (Oct 31, 2023)
Common Issues in S3 Cross-Account Access. Let’s explore the potential issues that can arise when setting up cross-account access to S3. Cross-account access involves a situation… (Oct 17, 2023)
JWT Key Confusion Attack: Part2. In Part1 we discussed the Key Confusion Attack. In this post we will use a vulnerable JWT application by Sjoerd Langkemper to demonstrate… (Feb 11, 2021)
JWT Key Confusion Attack: Part1. This post deals with the theory of Key Confusion Attack. Part2 deals with solving the JWT Lab by Sjoerd Langkemper to demonstrate the Key… (Feb 11, 2021)
Maintaining Session in NTLM Authentication. I came across a web application which uses NTLMv2 for authentication. I logged in to the application (provided my credentials for the… (Jul 30, 2020)