RivasSec

Infrastructure. Security. Insight.

Field notes on infrastructure security, cloud hardening, Kubernetes, IAM, and OSINT by RivasSec.

Latest posts

Bandit-Clean Pwnagotchi Plugins: How `subprocess` Goes From Risk to Routine

Pwnagotchi plugins live one `shell=True` away from local code execution. This post walks through the hardening of bt-tether-multi against Bandit B602/B603/B607: full-path resolution with `shutil.which()`, argv-list invocations, MAC and name validation, and the `# nosec` discipline. The patterns generalize to anything that shells out from Python.



IAM Roles That Fail Loud: Small Defaults, Big Difference

A small Pulumi library that treats IAM safety as a precondition: mandatory permissions boundary, no wildcard trust, no wildcard actions, every opt-out explicit.



Never Lose Connection: Multi-Phone Bluetooth Tethering for Pwnagotchi

bt-tether-multi is a Pwnagotchi plugin for intelligent multi-phone Bluetooth tethering with automatic WAN failover and silent-disconnect recovery in the field.

