DEV Community

Road to CloudSec LATAM Series' Articles

Back to Gerardo Castro Arica's Series
I Deployed OpenClaw on AWS and Here's What I Found as a Cloud Security Engineer (Part 1)
Cover image for I Deployed OpenClaw on AWS and Here's What I Found as a Cloud Security Engineer (Part 1)
gerardokaztro profile

I Deployed OpenClaw on AWS and Here's What I Found as a Cloud Security Engineer (Part 1)

#aws #openclaw #ai #security
3
Comments 2
6 min read
A 2018 Access Key. Still Active in Production. Here's the Python Script That Found It Across an Entire AWS Organization.
Cover image for A 2018 Access Key. Still Active in Production. Here's the Python Script That Found It Across an Entire AWS Organization.
gerardokaztro profile

A 2018 Access Key. Still Active in Production. Here's the Python Script That Found It Across an Entire AWS Organization.

#aws #python #security #opensource
1
Comments
7 min read
The script worked. The CISO needed something else. iam-audit v2: interactive dashboard, root account detection and Docker.
Cover image for The script worked. The CISO needed something else. iam-audit v2: interactive dashboard, root account detection and Docker.
gerardokaztro profile

The script worked. The CISO needed something else. iam-audit v2: interactive dashboard, root account detection and Docker.

#aws #python #security #docker
3
Comments
8 min read
I Kept Auditing OpenClaw on AWS Lightsail: 53 Default Skills, No Channel Access Controls, Deletable Logs (Part 2)
Cover image for I Kept Auditing OpenClaw on AWS Lightsail: 53 Default Skills, No Channel Access Controls, Deletable Logs (Part 2)
gerardokaztro profile

I Kept Auditing OpenClaw on AWS Lightsail: 53 Default Skills, No Channel Access Controls, Deletable Logs (Part 2)

#aws #openclaw #security #ai
3
Comments
10 min read
OpenClaw on AWS Lightsail — Threat Model Alignment: OWASP, MITRE ATLAS, and the Gap No Framework Anticipated (Part 3)
Cover image for OpenClaw on AWS Lightsail — Threat Model Alignment: OWASP, MITRE ATLAS, and the Gap No Framework Anticipated (Part 3)
gerardokaztro profile

OpenClaw on AWS Lightsail — Threat Model Alignment: OWASP, MITRE ATLAS, and the Gap No Framework Anticipated (Part 3)

#ai #aws #security #openclaw
1
Comments
12 min read
My manager asked if it could run itself. Here's how I automated iam-audit with Fargate, EventBridge and Terraform (Part 3)
Cover image for My manager asked if it could run itself. Here's how I automated iam-audit with Fargate, EventBridge and Terraform (Part 3)
gerardokaztro profile

My manager asked if it could run itself. Here's how I automated iam-audit with Fargate, EventBridge and Terraform (Part 3)

#aws #security #python #boto3
1
Comments
7 min read
I automated an AWS Security Maturity Model recommendation across 40 accounts — design decisions included
Cover image for I automated an AWS Security Maturity Model recommendation across 40 accounts — design decisions included
gerardokaztro profile

I automated an AWS Security Maturity Model recommendation across 40 accounts — design decisions included

#aws #security #cloud #python
Comments
10 min read
Mutable tags. 10,000 pipelines. One credential. — What the Trivy attack taught me about implicit trust
Cover image for Mutable tags. 10,000 pipelines. One credential. — What the Trivy attack taught me about implicit trust
gerardokaztro profile

Mutable tags. 10,000 pipelines. One credential. — What the Trivy attack taught me about implicit trust

#ai #security #devsecops #aws
Comments
10 min read