Audit User Actions Using CloudTrail - Part 1

AWS CloudTrail is an essential service that records user actions and systems events. This is the first post of a series that demonstrates how to leverage CloudTrail to identify the IAM principal and establish timelines. This post is focused on same account access.

<span title='2020-09-17 23:53:23 -0400 -0400'>September 17, 2020</span>&nbsp;·&nbsp;0 min&nbsp;·&nbsp;David Xiao

Extract User Identity from AWS Cloudtrail

Whether you are troubleshooting or investigating something on AWS, being able to look up user identity across the Cloudtrail event logs can be very helpful.

<span title='2020-09-15 00:00:00 +0000 UTC'>September 15, 2020</span>&nbsp;·&nbsp;4 min&nbsp;·&nbsp;David Xiao

One Time Password, HOTP and TOTP

All you need to know about OTP from a security perspective.

<span title='2020-09-10 00:00:00 +0000 UTC'>September 10, 2020</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;David Xiao

Threat Modeling and STRIDE Model

This post is my collection of articles related to threat modeling and Microsoft STRIDE threat model.

<span title='2020-09-09 00:00:00 +0000 UTC'>September 9, 2020</span>&nbsp;·&nbsp;2 min&nbsp;·&nbsp;David Xiao

SSH and TLS: Differences and Similarities

Review the differences and similarities between the two protocols from an architecture and security perspective.

<span title='2020-09-01 00:00:00 +0000 UTC'>September 1, 2020</span>&nbsp;·&nbsp;2 min&nbsp;·&nbsp;David Xiao