Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
148 articles across all categories — page 8 of 17
The SolarWinds and XZ Utils attacks demonstrated that trusted software is a high-value attack vector. Cloud environments extend the supply chain to container images, infrastructure modules, CI/CD pipelines, and SaaS integrations — each requiring specific controls.
Cloud threat intelligence extends beyond IP and domain blocklists to include IAM event patterns, anomalous API calls, and cloud-specific IOCs. This article covers threat intelligence sources, IOC categories, and how to operationalise intelligence in AWS and Azure environments.
The IaaS-PaaS-SaaS triad is only the beginning. Modern cloud platforms offer Function as a Service, Container as a Service, Database as a Service, and Security as a Service — each with its own shared responsibility boundary and distinct attack surface.
Gartner's 6R strategies — Rehost, Replatform, Repurchase, Refactor, Retire, and Retain — each carry a distinct security posture, migration risk, and compliance consideration relevant to the Indian enterprise context.
Zero Trust replaces the perimeter security model with continuous, explicit verification of every access request. NIST SP 800-207 defines the seven tenets; this article maps them to cloud implementation patterns relevant to Indian enterprises.
Virtual Private Clouds implement network isolation through software-defined networking. This article examines VPC design, the difference between Security Groups and NACLs, microsegmentation, and DDoS protection — with AWS as the reference implementation.
Identity is the new perimeter. SAML 2.0, OpenID Connect, and OAuth 2.0 enable organisations to federate their corporate identity into cloud platforms — eliminating the need for per-service passwords while centralising authentication and audit.
Cloud governance defines the policies and guardrails that prevent misconfiguration at scale. This article covers AWS Organizations, Service Control Policies, the Well-Architected Framework security pillar, FinOps controls, and the baseline every cloud account must reach before workloads are deployed.
Why logging is the foundation of cloud security, the seven distinct log sources every cloud workload generates, and how to build a centralised logging architecture that gives you the visibility to detect and respond to incidents.