Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
54 articles in "cloud-security" — page 4 of 6
Zero Trust replaces the perimeter security model with continuous, explicit verification of every access request. NIST SP 800-207 defines the seven tenets; this article maps them to cloud implementation patterns relevant to Indian enterprises.
Virtual Private Clouds implement network isolation through software-defined networking. This article examines VPC design, the difference between Security Groups and NACLs, microsegmentation, and DDoS protection — with AWS as the reference implementation.
Cloud governance defines the policies and guardrails that prevent misconfiguration at scale. This article covers AWS Organizations, Service Control Policies, the Well-Architected Framework security pillar, FinOps controls, and the baseline every cloud account must reach before workloads are deployed.
Why logging is the foundation of cloud security, the seven distinct log sources every cloud workload generates, and how to build a centralised logging architecture that gives you the visibility to detect and respond to incidents.
How attackers destroy cloud evidence and how defenders build structural defences against it — plus the forensic report structure, BSA 2023 Section 63 certificate requirements, and the single most important rule every cloud forensic investigator must follow.
The forensic artifacts left by Dropbox and Google Workspace on Windows endpoints, API-based investigation techniques for enterprise deployments, and the legal considerations when requesting third-party cloud storage data.
Dissecting the anatomy of a CloudTrail event, identifying high-value forensic event patterns, querying logs at scale with Athena, validating log integrity, and maintaining chain of custody for cloud-sourced evidence.
What makes cloud forensics fundamentally different from traditional digital forensics, the three-dimensional model, cloud as victim/tool/witness, and the NIST IR 8006 challenges that every cloud investigator must understand.
A practitioner map of the AWS security service ecosystem — from GuardDuty threat detection to IAM identity controls to Shield DDoS protection — with cross-provider equivalents for Azure and GCP.