Tested three approaches to automating security questionnaires with AI: expensive SaaS vendors, custom RAG solutions, and direct LLM use. Skip the vendors and try these alternatives instead.| Marco Lancini's Blog
How to make your content interactive by building a conversational knowledge base. A practical walkthrough using CloudSecList, LLMs, and Cloudflare Workers.| Marco Lancini's Blog
Building an AppRunner on EC2 with Cloudflare Zero Trust Access was originally published by Marco Lancini at Marco Lancini's Blog on October 31, 2024.| Marco Lancini's Blog
My book, The CloudSec Engineer, is available today!| Marco Lancini's Blog
The CloudSec Engineer will be available for purchase on the 27th of June 2024.| Marco Lancini's Blog
CloudSecGPT is a custom-built generative AI model that specializes in cloud security.| Marco Lancini's Blog
My firsthand experience with migrating from Cloudflare Email Routing to Google Workspace.| Marco Lancini's Blog
Some actionable advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based, offering| Marco Lancini's Blog
A detailed step-by-step process on how to safely migrate away from Terraform Cloud to S3 for state management.| Marco Lancini's Blog
How to use Cloudflare Tunnel to securely access a Flask webapp running in a private subnet in ECS on Fargate, without exposing the app to the public internet.| Marco Lancini's Blog
How I migrated from AWS SES to Cloudflare Email Routing for handling incoming emails for my domains.| Marco Lancini's Blog
A first attempt at grouping security-related roles into macro-functions commonly found in tech companies.| Marco Lancini's Blog
How I blocked advertisements in my home office, mimicking the Pi-hole's behaviour, using only serverless technologies (Cloudflare Gateway, to be precise).| Marco Lancini's Blog
A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components.| Marco Lancini's Blog
A quick summary and actionable advice for defenders of cloud environments and those teams who are asked to determine the impact of CVE-2022-0847 on their company's infrastructure.| Marco Lancini's Blog
How I've replaced Docker Desktop with minikube on my MacBook| Marco Lancini's Blog
How to use Cloudflare Tunnel to connect my Intel NUC to the Cloudflare network, and Auditable Terminal to connect to it using nothing more than a browser.| Marco Lancini's Blog
k8s-lab-plz is a modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster with support for different components.| Marco Lancini's Blog
A methodology to create and share weekly digests, both for individuals and teams.| Marco Lancini's Blog
Architecture and implications of an automated process aiming to backup a GDrive account, relying on ECS Fargate and S3 Glacier.| Marco Lancini's Blog
Architecture and implications of an automated process aiming to backup a Github account, relying on ECS Fargate and S3 Glacier.| Marco Lancini's Blog
Open sourcing an automated process to get Neo4J and Cartography up and running in a Kubernetes cluster, using HashiCorp Vault as a secrets management engine.| Marco Lancini's Blog
My personal approach to deploy my own Kubernetes Lab on baremetal, and on an Intel NUC in particular.| Marco Lancini's Blog
How to design a state of the art multi-account security logging platform in GCP.| Marco Lancini's Blog
I was curious to take a look at GKE Autopilot, so if you don't have time to play with it, I did it for you.| Marco Lancini's Blog
How to design a state of the art multi-account security logging platform in AWS.| Marco Lancini's Blog
Experimenting with Semgrep to eradicate classes of (cloud) vulnerabilities from Infrastructure as Code.| Marco Lancini's Blog
This post introduces CloudSecDocs.com, a website collecting curated technical notes, how-tos, and cheatsheets related to cloud-native technologies.| Marco Lancini's Blog
How to setup Domain-Wide Delegation of Authority in GSuite.| Marco Lancini's Blog
How to leverage Cartography and Elasticsearch to continuously monitor all cloud assets in your estate and alert on any instance of drift.| Marco Lancini's Blog
This post is part of the Kubernetes Primer for Security Professionals series, and is going to try to help security professionals approach Kafka, by walking through the journey I undertook to get the basics first, and later to focus on the security aspects of it.| Marco Lancini's Blog
Blog post summarising the outcome produced by three main initiatives which took upon the challenge of threat modelling a Kubernetes cluster, so that anyone can use them as a starting point for their own (custom) threat modelling exercise.| Marco Lancini's Blog
A blog post describing my workflow for creating and managing a serverless mailing list solution based on top of SES.| Marco Lancini's Blog
A few people lately have been asking me about my blogging setup, so I've decided to write a post to explain what's behind the scenes of this website.| Marco Lancini's Blog
Assuming you have a remote Linux workstation, how can you streamline your experience? This post explains how to setup a Chromebook for remote development.| Marco Lancini's Blog
How to leverage Cartography to detect, identify, categorize, and visualize all the assets being deployed in your estate.| Marco Lancini's Blog
What cloud resources are needed, and how to define them in a manner that safely allows a tool to perform a security audit across a fleet of AWS accounts/GCP projects.| Marco Lancini's Blog
This post introduces CloudSecList.com, a collection of security-related news and articles focusing on the cloud native landscape.| Marco Lancini's Blog
This post is part of the Kubernetes Primer for Security Professionals series, which covers multiple deployment options for a Kubernetes lab suitable for security research.| Marco Lancini's Blog
This post is Part 2 of the Offensive Infrastructure with Modern Technologies series, which is going to provide a step-by-step walkthrough that will allow you to automatically deploy the full HashiCorp stack with Ansible.| Marco Lancini's Blog
Analysis of the Critical Vulnerability affecting Kubernetes API Server (CVE-2018-1002105).| Marco Lancini's Blog
A high-level mind map to summarize all the techniques/tools covered by Peter Kim’s book.| Marco Lancini's Blog
Curated list of (security) tools tailored for cloud native technologies.| Marco Lancini's Blog
Practical Guide explaining how to find hosts vulnerable to the libSSH Authentication Bypass (CVE-2018-10933) and how to exploit them to gain shell access.| Marco Lancini's Blog
This post is part of the Kubernetes Primer for Security Professionals series, and is going to try to demystify the perception by which Kubernetes is believed to be too hard to even get started, by walking through the journey I undertook to get the basics first, and later to focus on the security aspects.| Marco Lancini's Blog
GoScan is an interactive network scanner client, featuring auto-complete, which provides abstraction and automation over nmap.| Marco Lancini's Blog
This post is Part 1 of the Offensive Infrastructure with Modern Technologies series, which is going to provide an introduction to the HashiCorp suite, and to Consul in particular.| Marco Lancini's Blog
How traditional defensive tools for Offensive security data analysis have advantages over the traditional grep when parsing and analysing data.| Marco Lancini's Blog
Robtex-Go is a library that provides a little wrapper over such APIs, and can be quickly integrated in any other Go codebase.| Marco Lancini's Blog
GoScan is an interactive network scanner client, featuring auto-complete, which provides abstraction and automation over nmap.| Marco Lancini's Blog
How to run any GUI application (and Burp Pro in particular) from Docker.| Marco Lancini's Blog
How to use docker-compose to spin up a Vault instance backed by Consul.| Marco Lancini's Blog
How to include Needle in your CI pipeline.| Marco Lancini's Blog
A major overhaul of its core and the introduction of a new native agent, written entirely in Objective-C.| Marco Lancini's Blog
Now with new integrations for Cydia Substrate and Theos.| Marco Lancini's Blog
How to regain space in the System partition without bricking your device.| Marco Lancini's Blog
Updates for the upcoming OWASP AppSec USA 2016 talk.| Marco Lancini's Blog
A status update on Needle and upcoming conferences.| Marco Lancini's Blog