Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
148 articles across all categories — page 7 of 17
Data Loss Prevention (DLP) in cloud environments protects sensitive data from unauthorised exfiltration across storage, SaaS applications, email, and API endpoints. This article covers DLP architecture, cloud-native tools, and Indian regulatory requirements for data protection.
Backup and disaster recovery are security controls — ransomware recovery, business continuity after a region outage, and regulatory compliance all depend on a tested backup strategy. This article covers RTO/RPO, backup strategies, immutable backups, and AWS DR patterns.
Shift-left security embeds security testing at every stage of the software development lifecycle rather than treating it as a final gate. This article maps security controls to each CI/CD stage — from pre-commit hooks to production monitoring.
A cloud security audit systematically compares an organisation's cloud posture against a standard (CIS Benchmark, NIST CSF, ISO 27001) to identify gaps. This article describes the audit process, evidence collection methods, and remediation tracking.
Manual compliance checking does not scale in cloud environments where thousands of resources are created and modified daily. Policy-as-Code replaces manual review with automated enforcement using AWS Config, HashiCorp Sentinel, OPA, and Terraform guardrails.
The Center for Internet Security (CIS) publishes cloud-specific benchmarks for AWS, Azure, and GCP with over 200 controls per benchmark. This article explains how to read, prioritise, and apply CIS Benchmarks using automated tooling.
A Server-Side Request Forgery vulnerability in a web application combined with the EC2 Instance Metadata Service creates one of the most commonly exploited attack chains in AWS environments. IMDSv2 closes this chain — understanding how reveals why the fix works.
Misconfigured S3 buckets and overprivileged insiders account for the majority of cloud data breaches. This article examines both vectors — the technical anatomy of storage misconfiguration and the behavioural and technical controls for insider threat detection.
APT groups have adapted their techniques for cloud infrastructure. This article examines the cloud APT kill chain — from initial access through privilege escalation, lateral movement across accounts, and data exfiltration — with detection patterns for each stage.