Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
148 articles across all categories — page 9 of 17
Internal vs external cloud audits, the concept of continuous auditing, and a practitioner guide to SEBI CSCRF 2024, CERT-In 2022, DPDP Act 2023, and RBI IT Framework — the four Indian regulations that shape every cloud deployment in the financial sector.
A practitioner map of the AWS security service ecosystem — from GuardDuty threat detection to IAM identity controls to Shield DDoS protection — with cross-provider equivalents for Azure and GCP.
What makes cloud forensics fundamentally different from traditional digital forensics, the three-dimensional model, cloud as victim/tool/witness, and the NIST IR 8006 challenges that every cloud investigator must understand.
Dissecting the anatomy of a CloudTrail event, identifying high-value forensic event patterns, querying logs at scale with Athena, validating log integrity, and maintaining chain of custody for cloud-sourced evidence.
The forensic artifacts left by Dropbox and Google Workspace on Windows endpoints, API-based investigation techniques for enterprise deployments, and the legal considerations when requesting third-party cloud storage data.
How attackers destroy cloud evidence and how defenders build structural defences against it — plus the forensic report structure, BSA 2023 Section 63 certificate requirements, and the single most important rule every cloud forensic investigator must follow.
How container isolation actually works (and where it breaks), image security with Trivy and Cosign, runtime security with Falco, the 4Cs of cloud-native security, and the Kubernetes-specific risks that appear in every cluster audit.
How cloud security controls are layered across preventive, detective, and corrective tiers — and a complete walkthrough of the 17 domains of the CSA Cloud Controls Matrix v4.
NIST SP 800-145, NIST CSF 2.0, and ENISA cloud security guidance — compared side-by-side, with the Capital One 2019 breach as a case study in how framework application prevents real-world cloud disasters.