Jared Perry - Stratum Security Blog

Sign in Subscribe

Jared Perry

Early Lessons from the Capital One Data Breach

Early Lessons from the Capital One Data Breach

As more details about the Capital One breach are released in court filings [https://www.scribd.com/document/420164056/Paige-Thompson-Criminal-Complaint] and media reporting, we can start to look at where controls failed to prevent this breach and what lessons companies working in AWS can take away from this event. Based

Route 53 as Pentest Infrastructure

Route 53 as Pentest Infrastructure

Use of DNS infrastructure is a staple of blind application testing and data exfiltration. Both of these scenarios are applicable in most pentest engagements, but building engagement specific DNS infrastructure can be a pain. Now with so many cloud providers available, can we make deployment of this infrastructure easier? Enter