4 Min Read December 10, 2019

Tips on How to Stay Secure at Conferences

At Threat Stack, we attend a lot of conferences: They can be a powerful way to connect with like-minded professionals and educate yourself on what’s new and trending in your industry. Since we attend so many conferences ourselves — in fact, the Threat Stack Team just got back from another great AWS re:Invent out in Las […]

6 Min Read September 12, 2019

Protecting Infrastructure With TLS Client Authentication

Here at Threat Stack we really like Yubikeys — and they’re a critical part of our security program. Many folks know Yubikeys for their ability to generate one-time codes for use as a second factor. Did you also know you can store certificates on them and use them in your operating system? I’ve written about […]

2 Min Read August 29, 2019

Trash Taxi: Taking Out the Garbage in Your Infrastructure

Trash Taxi: A Lifecycle Management Tool for Superuser Discovery & Cleanup

3 Min Read October 30, 2018

How to Create a Threat Model for Cloud Infrastructure Security

Our Motto is: Threat Modeling: The sooner the better, but never too late. — OWASP The practice of creating a threat model can help teams proactively understand and develop a strategy for managing the possible vulnerabilities their organization faces, instead of waiting until after an incident occurs. OWASP defines threat modeling as “a procedure for […]

3 Min Read July 25, 2018

How to Avoid Targeted AWS Attacks With Secure AWS Keys

If the headlines are any indication, hackers continue to exploit vulnerabilities in cloud infrastructure platforms, with targeted AWS attacks becoming very common. Many attacks follow similar patterns: Actors are typically looking opportunistically for AWS keys, which are either accidentally posted to open source code websites like GitHub or stolen from employee laptops using malware. Once […]

3 Min Read July 10, 2018

Access Management Lessons From Timehop’s Cloud Security Breach

Over the past couple of weeks, both Macy’s and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup Timehop experienced a data breach that affected 21 million customers and included information such as names, emails, and phone numbers. According to a preliminary investigation conducted by the Timehop team, the […]