Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
54 articles in "cloud-security" — page 3 of 6
The Center for Internet Security (CIS) publishes cloud-specific benchmarks for AWS, Azure, and GCP with over 200 controls per benchmark. This article explains how to read, prioritise, and apply CIS Benchmarks using automated tooling.
A Server-Side Request Forgery vulnerability in a web application combined with the EC2 Instance Metadata Service creates one of the most commonly exploited attack chains in AWS environments. IMDSv2 closes this chain — understanding how reveals why the fix works.
Misconfigured S3 buckets and overprivileged insiders account for the majority of cloud data breaches. This article examines both vectors — the technical anatomy of storage misconfiguration and the behavioural and technical controls for insider threat detection.
APT groups have adapted their techniques for cloud infrastructure. This article examines the cloud APT kill chain — from initial access through privilege escalation, lateral movement across accounts, and data exfiltration — with detection patterns for each stage.
The SolarWinds and XZ Utils attacks demonstrated that trusted software is a high-value attack vector. Cloud environments extend the supply chain to container images, infrastructure modules, CI/CD pipelines, and SaaS integrations — each requiring specific controls.
Cloud threat intelligence extends beyond IP and domain blocklists to include IAM event patterns, anomalous API calls, and cloud-specific IOCs. This article covers threat intelligence sources, IOC categories, and how to operationalise intelligence in AWS and Azure environments.
The IaaS-PaaS-SaaS triad is only the beginning. Modern cloud platforms offer Function as a Service, Container as a Service, Database as a Service, and Security as a Service — each with its own shared responsibility boundary and distinct attack surface.
Gartner's 6R strategies — Rehost, Replatform, Repurchase, Refactor, Retire, and Retain — each carry a distinct security posture, migration risk, and compliance consideration relevant to the Indian enterprise context.
Zero Trust replaces the perimeter security model with continuous, explicit verification of every access request. NIST SP 800-207 defines the seven tenets; this article maps them to cloud implementation patterns relevant to Indian enterprises.