MGMario Gongorainblog.leastprivilege.cloud·Jun 28 · 8 min readAWS Security Agent: Pentesting and Threat Modeling On DemandLast Saturday I was reading about AWS Security Agent. I'd seen it announced at re:Invent but never touched it. Three hours later I had a threat model running against one of my private repos, watching 00
MGMario Gongorainblog.leastprivilege.cloud·Jun 20 · 7 min readThree Security Checks for Any AWS PipelineA developer merges a pull request on a Friday afternoon. The repository is public. The commit includes an AWS access key hardcoded in a config file. Twenty minutes later, an email arrives from AWS Abu00
MGMario Gongorainblog.leastprivilege.cloud·Jun 14 · 8 min readResponding to a Compromised AWS Access KeyYou wake up to this email from AWS: Irregular Activity Detected for Your AWS Access Key As part of our standard monitoring of AWS systems, we observed anomalous activity in your AWS account that indi00
MGMario Gongorainblog.leastprivilege.cloud·Jun 7 · 10 min readDetect, Alert, Search: The SIEM You Already Have on AWSThe question came up in a security assessment. "Do you have a SIEM?" The honest answer was no. There was no budget for one either. A commercial SIEM meant a license, an ingestion bill that grew with e00
MGMario Gongorainblog.leastprivilege.cloud·May 30 · 8 min readA Starting Point for AWS Service Control PoliciesA team opens an AWS account. They deploy everything in us-east-1. Reasonable choice. Six months later, their AWS bill has EC2 instances running in ap-southeast-1. Nobody on the team worked in that reg00