Tool Release: Introducing opinel: Scout2’s favorite tool
03 Aug 2015 - Loïc Simon
With boto3 being stable and generally available, NCC took the opportunity to migrate Scout2 and AWS-recipes to boto3. As part of that migration effort, we decided to publish the formerly-known-as AWSUtils repository – used by Scout2 and AWS-recipes – as a Python package required …
Category: iSec Partners
IAM user management strategy (part 2)
This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity.
09 Jun 2015 - Loïc Simon
The previous [IAM user management strategy](/aws/2015/02/24/iam_user_management.html) post discussed how usage of IAM groups enables AWS administrators to consistently grant privileges and …
iSEC audit of MediaWiki
21 Apr 2015 - Valentin Leon
iSEC Partners is happy to announce the public release of our latest project with the Open Technology Fund: the review of Wikimedia Foundation’s MediaWiki. The Open …
Work daily with enforced MFA-protected API access
03 Apr 2015 - Loïc Simon
AWS Security Token Service: The AWS Security Token Service (STS) is the gateway used to create sessions when MFA-protected API access …
Use and enforce Multi-Factor Authentication
02 Apr 2015 - Loïc Simon
What is Multi-Factor Authentication? When enabled, Multi-Factor Authentication (MFA) provides strong defense-in-depth against compromises of credentials. MFA-enabled users …
iSEC reviews SecureDrop
23 Mar 2015 - Valentin Leon
As part of our projects with the Open Technology Fund, such as the review of TrueCrypt, iSEC Partners audited Freedom of the Press’ SecureDrop. SecureDrop is an open-source …
Whitepaper: Recognizing and Preventing TOCTOU
03 Mar 2015 - Christopher Hacking
Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered in modern code. This diverse …
IAM user management strategy
24 Feb 2015 - Loïc Simon
Use IAM groups: When granting privileges to IAM users, AWS account administrators should avoid use of user-specific policies. Instead, create groups whose name explicitly …
Do not use your AWS root account
23 Feb 2015 - Loïc Simon
What is the AWS root account? The AWS root account is the account that was used — or created — when …
Announcing the AWS blog post series
22 Feb 2015 - Loïc Simon
Starting this month, iSEC Partners will start a series of blog posts related to AWS. The goal of these blog posts will …