Collaborate Disseminate
It has become clear that asking users to regularly change their passwords does not improve security, and has thus been forbidden e.g. by NIST and BSI.
Does this advice also apply for technical passwords for e.g. service accounts, that are … Continue reading Password change frequency for technical accounts
Recently our SOC has applied a security policy on our servers which doesn’t allow adding any user to "Replace a process level token" setting in "User rights assignment" in local security policy. Only "Local Service… Continue reading Service-specific user or Network Service?
I want to grant processes running on OpenStack infrastructure some access to AWS resources. (I also want to avoid manually rotating keys, and minimise the impact if credentials leak from these instances.)
Is there any secure way to associa… Continue reading How to grant AWS roles to OpenStack workloads?
Applications using a Google service account can use that service account’s key (a long-lived credential) to obtain a short-lived access token for Google Artifact Registry and documentation strongly urges against using a service account to … Continue reading Why use access token for Google Artifact Registry access?
A piece of python code at work was designed to run a few .ps1 scripts on remote machines to test for weak spots, using impacket.
The flow is –
We use impacket’s SMBConnection to upload .bat and .ps1 files to the remote machine.
impacket … Continue reading Powershell execution policy’s effect on remote processes
In order to improve our security posture, we changed several dozen internal applications over to using a new username and password to access an AS400 database a few months back.
However, there is some mystery process running on a Windows S… Continue reading What’s a good approach to finding the source application that’s attempting to access a database with an incorrect password? [migrated]
In Google Cloud I am trying to access a secret, my code is:
blob.download_to_filename(‘key.json’)
credentials = service_account.Credentials.from_service_account_file(‘key.json’)
secret_client = secretmanager.SecretManagerServiceClient(cred… Continue reading Best practice to access secret in Google Secretmanager?
I am trying to access kubernetes metrics server by impersonating a cluster-admin. The following is my yaml file for the cluster-admin created.
However, I am still unable to access the metrics server and the following is my outputs when tr… Continue reading Kubernetes accessing metrics server
I’ve noticed that people don’t use a user account for a specific task;
I keep thinking the concept is called a "service account"
But it causes a lot of issues surrounding security; for instance one should not use their general ad… Continue reading What is it called when you only use a user account for a specific task in your OS?
When I create domain user account with denied interactive logon, what are real security risks when hacker gets the password?
http://paulasitblog.blogspot.com/2017/01/deny-interactive-logon-for-service.html
Computer Configuration / Windows… Continue reading What are security risks of a domain user accounts with denied interactive logon?