6 Min Read September 12, 2019

Protecting Infrastructure With TLS Client Authentication

Here at Threat Stack we really like Yubikeys — and they’re a critical part of our security program. Many folks know Yubikeys for their ability to generate one-time codes for use as a second factor. Did you also know you can store certificates on them and use them in your operating system? I’ve written about […]

2 Min Read August 29, 2019

Trash Taxi: Taking Out the Garbage in Your Infrastructure

Trash Taxi: A Lifecycle Management Tool for Superuser Discovery & Cleanup

3 Min Read October 30, 2018

How to Create a Threat Model for Cloud Infrastructure Security

Our Motto is: Threat Modeling: The sooner the better, but never too late. — OWASP The practice of creating a threat model can help teams proactively understand and develop a strategy for managing the possible vulnerabilities their organization faces, instead of waiting until after an incident occurs. OWASP defines threat modeling as “a procedure for […]

3 Min Read July 25, 2018

How to Avoid Targeted AWS Attacks With Secure AWS Keys

If the headlines are any indication, hackers continue to exploit vulnerabilities in cloud infrastructure platforms, with targeted AWS attacks becoming very common. Many attacks follow similar patterns: Actors are typically looking opportunistically for AWS keys, which are either accidentally posted to open source code websites like GitHub or stolen from employee laptops using malware. Once […]

3 Min Read July 10, 2018

Access Management Lessons From Timehop’s Cloud Security Breach

Over the past couple of weeks, both Macy’s and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup Timehop experienced a data breach that affected 21 million customers and included information such as names, emails, and phone numbers. According to a preliminary investigation conducted by the Timehop team, the […]

3 Min Read July 9, 2018

Three Homegrown SecOps Tools Used by the Threat Stack Team

As a security company, there’s a lot of pressure to keep our data secure while still moving fast and innovating on product development. I find the intersection of security and speed the most interesting challenge as an infrastructure security professional. The unique thing about Threat Stack is that our Security and Engineering teams have learned […]