Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
148 articles across all categories — page 6 of 17
Cloud forensic evidence must satisfy the legal admissibility standards of the jurisdiction in which it will be used. This article covers the Indian legal framework for digital evidence, the structure of a forensic report, expert witness obligations, and the BSA 2023 Section 63 certificate.
A Security Information and Event Management (SIEM) system aggregates logs from all cloud sources for correlation and threat detection. SOAR (Security Orchestration, Automation, and Response) automates the playbook execution when threats are detected. This article covers both in the cloud context.
OpenStack is the open-source cloud platform underlying NIC MeghRaj (India's National Cloud) and many large enterprise private clouds. Understanding its component security model is essential for government and large-enterprise cloud security practitioners in India.
Serverless platforms like AWS Lambda, Azure Functions, and Google Cloud Functions abstract the infrastructure entirely — but they do not abstract the security. This article examines the unique attack surface, isolation model, and security controls for serverless workloads.
Cloud incident response differs from traditional IR in critical ways — cloud resources are ephemeral, attacker actions are API calls, and evidence is in managed logs. This article describes the cloud IR lifecycle, core playbooks for common scenarios, and CERT-In reporting obligations.
India's two most operationally significant cyber regulations — CERT-In Directions 2022 and the Digital Personal Data Protection Act 2023 — impose specific technical obligations on cloud deployments. This article maps each requirement to concrete cloud configuration controls.
Quantum computers capable of breaking RSA and ECDSA are expected within a decade. NIST finalised three post-quantum cryptographic standards in August 2024. This article explains the threat, the standards, and how cloud environments should begin the migration.
Database passwords, API keys, TLS certificates, and service tokens are secrets that grant access to sensitive systems. This article covers the architecture, rotation lifecycle, and best practices for managing secrets in cloud environments.
Standing privileged access — permanent admin roles — is the single biggest attack surface in cloud environments. Privileged Access Management (PAM) with Just-in-Time (JIT) provisioning reduces that surface to near zero. This article covers PAM architecture, JIT patterns, and implementation on AWS.