Posts

Top Security Tools for AWS Cloud

AWS provides security tools designed to improve both account security and application and service security. An AWS account is an attack vector, as resources and data are accessible through the public application programming interface (API). Implementing a secure identity and access management strategy helps prevent leaking data — such as in S3 buckets — to the public. AWS’s many tools provide insights into your configured permissions and access patterns, and record all actions for compliance and audit purposes. Applications and services hosted in AWS are susceptible to different kinds of threats from the outside. Cross-site scripting (XSS), SQL injection, and brute-force attacks target public endpoints. Distributed denial-of-service (DDoS) attacks may attempt to bring down your services, potentially compromising your architecture security. Without proper management, sensitive information — such as database credentials — may leak. Therefore, it's critical that organizations migratin

Amazon-web-services – AWS S3 display file inline instead of force download

For some reason, files in my S3 bucket are being forced to download instead of displaying inline. If I copy an image link, paste it into the address bar, and navigate to it, the browser either displays the file or shows the option to download it. In this case, you will have to change the object metadata and add the field below in the configuration:

Type - System defined
Key - Content-Type
Value - image/jpeg (you can select the value from the drop-down)

Change TimeZone in CentOS/RHEL 8/7

Step 1 - Check date and timezone
Command - date

Step 2 - timedatectl list-timezones
(Select your timezone from this list and run it with the command below)

Step 3 - timedatectl set-timezone America/Los_Angeles

Best cyber security practices for Enterprises to stay secure

In the wake of the rising incidence of targeted attacks on enterprises, there is no way organizations can afford to ignore the importance of cyber security. Regardless of the size and type of enterprise, even a small data breach or cyber-attack could mean millions of dollars of loss, crippling the economy of the enterprise. For this reason, as a rule of thumb, enterprises should start following these good cyber security practices in order to be secure against known and unknown threats:

Invest in Security Solutions – An enterprise may be subjected to various kinds of threats, so to ensure enterprise-wide security it is good practice to invest in a variety of security solutions that cover the changing needs of an organization.

Use Complex & Unique Passwords – As a rule of thumb, enterprises must encourage employees to use strong and unique passwords and prohibit them from sharing their credentials.

Invest in Training – Educate and train employees about cyber security so that the

CLOUD SECURITY

What is cloud security? Preparing your business for future success starts with switching from on-premises hardware to the cloud for your computing needs. The cloud gives you access to more applications, improves data accessibility, helps your team collaborate more effectively, and provides easier content management. Some people may have reservations about switching to the cloud due to security concerns, but a reliable cloud service provider (CSP) can put your mind at ease and keep your data safe with highly secure cloud services. Find out more about what cloud security is, the main types of cloud environments you'll need security for, the importance of cloud security, and its primary benefits. Let's understand the definition of cloud security: Cloud security, also known as cloud computing security, is a collection of security measures designed to protect cloud-based infrastructure, applications, and data. These measures ensure user and device authentication, data and resource acce

TOP 5 Phishing simulators [2022]

The title of this article was supposed to be “Top 5 Free Phishing Simulators.” However, after much searching, the final list does not include any of the fishy apps that let you create a fake website or phishing site for collecting data. I wanted to focus on tools that allow you to actually run a phishing campaign on your own, i.e. create and send at least one phishing email to a real recipient. Basically, if you are looking for a free phishing simulator for your company, you are down to three choices, though many more are there:

1) Open-source phishing platforms
2) Demo versions of commercial products
3) Simple tools that will allow you to craft a simple email message and send it to one or several recipients using a specified mail server

The 5 simulators are:

1. Infosec IQ
2. Gophish
3. Phishing Frenzy
4. King Phisher
5. Social-Engineer Toolkit (SET)

How to release AWS Elastic IP || How to delete AWS NAT gateway

Please refer to this video to complete this lab. You can refer to my YouTube channel for more videos.