BSides Archives - Jean-Christoph von Oertzen

Event takeaways: BSidesMeSh21 – day 2

jean-christoph — Tue, 22 Jun 2021 16:05:01 +0000

My key takeaways 11 min from publishing credentials (accidently) to github till pwn 2019: ~200k credentials in Github ; 2021: +20% runtime secrets go to application secrets managers AWS Secrets Manager GCP Secrets Manager Hashicorp Vault Azure Vault InfoSec’s dirty little secret: We can’t know all the options, but we still need to help secure […]

The post Event takeaways: BSidesMeSh21 – day 2 appeared first on Jean-Christoph von Oertzen.

Event takeaways: BSidesMeSh21 – day 1

jean-christoph — Mon, 21 Jun 2021 16:34:29 +0000

My key takeaways Security in sprints vs whole security sprints? Smaller activities from the very beginning. It is not full time, but always ongoing. And maybe, if the situation is very tricky, entire sprints might be necessary, too. — Thomas Fricke Kubernetes does its best to be secure inside. Unfortunatly it is not configured so […]

The post Event takeaways: BSidesMeSh21 – day 1 appeared first on Jean-Christoph von Oertzen.

Workshop takeaways: OSINT for Cyber Defenders

jean-christoph — Sun, 20 Jun 2021 11:09:27 +0000

My key takeaways Always do OSINT with the assumption in mind, that the software you are using is compromised Sock puppet accounts do not use real images like from Google Image Search as this might be considered identity theft in some countries make the email account information match you sock puppet use lastpass to store […]

The post Workshop takeaways: OSINT for Cyber Defenders appeared first on Jean-Christoph von Oertzen.