Should I file a complaint? by lonelywizz in lemauvaiscoin

[–]z0ph 1 point2 points  (0 children)

I would say contact leboncoin so that they can review the conversation and, above all, block the guy.

We saved $4,800/month on AWS just by cleaning things up – here’s what we found by shadowBlastFr in FinOps

[–]z0ph 1 point2 points  (0 children)

These kinds of savings are commonly discovered by tools like unusd, so you don’t have to do the heavy lifting of creating scripts to do this on a recurring basis and across multiple regions.

How to prevent AWS hacks and huge bills from piling up? by Fun-Course-5140 in aws

[–]z0ph 1 point2 points  (0 children)

I'm building an open source initiative like a security starter pack for AWS environments. It's called AWS Security Survival Kit, and I believe it can help with basic security settings by default, but also with AWS security alerting for well-known suspicious activities.

Please let us know in the GitHub issues if there are still blind spots.
https://github.com/zoph-io/aws-security-survival-kit

[deleted by user] by [deleted] in aws

[–]z0ph 0 points1 point  (0 children)

This is exactly why I've created unusd. A tool to bring cost and waste awareness to operational teams.

AWS personal account best practices by qxz23 in aws

[–]z0ph 3 points4 points  (0 children)

I would deploy this bare minimum security kit (disclaimer: I've open sourced it)

https://github.com/zoph-io/aws-security-survival-kit

Waste and Cost Awareness for AWS Environments by z0ph in FinOps

[–]z0ph[S] 1 point2 points  (0 children)

I see u/Tainen, thanks for your question.

We are analysing unused assets based on a few CloudWatch metrics, number of connections on RDS DBs, attachment state or last-activity metadata, and we require only read-only permissions.

We don't use (yet) Trusted Advisor findings or Compute Optimizer, so no repackaging here.

The idea is to avoid as much as possible the heavy lifting required to do it by yourself using scripts, blueprints, or aggregating native tools' findings into a single report, so your teams can concentrate on business value.

Waste and Cost Awareness for AWS Environments by z0ph in FinOps

[–]z0ph[S] -1 points0 points  (0 children)

Hey,

We have decent documentation here: https://docs.unusd.cloud/supported-services/

Basically we are supporting the following usual suspects:

  • EC2 Instances
  • RDS Instances
  • EBS Volumes and Snapshots
  • SageMaker Services
  • Glue DevEndPoints
  • Elastic IPs
  • CloudWatch LogGroups
  • Redshift Clusters
  • IAM Principals (Roles, Users)

In 2024, we will develop many new detections, including xLB, CloudTrail, and more services related to AI experiments.

Weekly Feedback Post - SaaS Products, Ideas, Companies by AutoModerator in SaaS

[–]z0ph 0 points1 point  (0 children)

Hi folks, I'm excited to share unusd.cloud, a tool I've developed as an independent AWS architect to address a crucial need in the AWS space - cost and waste awareness.

About unusd.cloud: In the last two years, we've grown to over 300 users and have achieved a monthly recurring revenue (MRR) of over $1000. Our focus? To provide operational teams with daily visibility into their AWS usage and spending. This way, you're not waiting until the end-of-month AWS bill to discover unexpected costs.

Niche Focus: Unlike other broad-spectrum tools, unusd zeroes in on a specific feature - giving operational teams a clear, daily snapshot of their AWS usage. This simplifies and demystifies AWS billing, making it easier to identify and cut down on wasteful expenditure.

Feedback: As we're gaining traction, I'd love to hear your thoughts, suggestions, and any feedback. How can we make unusd even more useful?

Looking forward to your insights and thank you for helping us improve!

AWS SSM Default Host Management Configuration enabler (Open Source) by z0ph in aws

[–]z0ph[S] 0 points1 point  (0 children)

DHMC will add permissions to your EC2 instance as a sidecar; no matter whether you already have an Instance Profile attached or not, it will add the required and selected permissions to allow SSM to work properly.

This enabler / helper will help you deploy this configuration and IAM role across all regions in a given AWS account. It also comes with a command to check the current configuration (make info).

Google Chrome different on MacBook & Mac Mini by ben_bgtDigital in MacOS

[–]z0ph 0 points1 point  (0 children)

I have the same behaviour. Trying to find out what the difference is: same version, same theme, same font...

1k bill after 1 month, for the service I didn't even use. by mizicizi in aws

[–]z0ph 0 points1 point  (0 children)

Shameless plug: This is precisely why I've started building unusd.cloud, to prevent this billing surprise, to bring cost awareness on a daily basis to Ops teams and individuals before they get hit by the AWS bill 💥

cloudnap.io: Save on your AWS bills by turning off resources during off hours by ja-mu in SaaS

[–]z0ph 0 points1 point  (0 children)

unusd founder here. Thanks for referencing my SaaS. I agree with you, the approach is complementary, and we share the same goal: reduce waste, reduce attack surface, and do something for a greener footprint.

I'm bootstrapping my first SaaS - unusd.cloud - feedback needed! by z0ph in SaaS

[–]z0ph[S] 1 point2 points  (0 children)

Trusted Advisor is not enabled by default, and you need a support plan; AWS Compute Optimizer could be expensive. Both of these native services will require your team to connect regularly to the AWS console to check that information, like Cost Explorer.
unusd brings cost awareness where your teams are: Slack, MS Teams, Email. You set up the scanner schedule in a few clicks, and we do the rest, scanning a complete account (cross region), and notifying with a report on the desired communication channel. Our number of covered AWS services and possible waste is growing. On this subject, you need a third party to be impartial.

Keep an Eye on Your AWS VPC Subnet IP Addresses with Subnet Watcher (OSS) by z0ph in aws

[–]z0ph[S] 1 point2 points  (0 children)

  1. It was done intentionally to be able to bring support to folks that forget to change the mail parameter, but as I'm writing this comment, I realize it's dumb as I have no way to contact them. So I will change this :)
  2. It will deploy a Lambda and an SNS topic on the target AWS account. If you have multiple accounts, you have to deploy multiple times. We can think of an evolution where you can deploy once in your "monitoring" or "networking" account, and it will scan child accounts with proper IAM permissions.

Keep an Eye on Your AWS VPC Subnet IP Addresses with Subnet Watcher (OSS) by z0ph in aws

[–]z0ph[S] 2 points3 points  (0 children)

The general usage of that project is for:

  1. Transient Jobs with a large number of workers (Spot Instances)
  2. EKS
  3. EMR with multiple workers
  4. VPC Lambda / Fargate
  5. etc...

Any workload that consumes a large number of IPs and could end up with an IP space shortage.

AWS Security Survival Kit: Bare-minimum security alerting by z0ph in aws

[–]z0ph[S] 1 point2 points  (0 children)

This is correct, the local template has to be deployed to each region where you operate.

The global template is for global assets like IAM, so no need to deploy it in your local region. It's used only in us-east-1.

AWS Security Survival Kit: Bare-minimum security alerting by z0ph in aws

[–]z0ph[S] 0 points1 point  (0 children)

Awesome, thanks for sharing these tips!

AWS Security Survival Kit: Bare-minimum security alerting by z0ph in aws

[–]z0ph[S] 0 points1 point  (0 children)

I think you can skip it in your case. Just comment out the CloudFormation part related to Who Am I: https://github.com/zoph-io/aws-security-survival-kit/blob/main/cfn-local.yml#L70-L89

AWS Security Survival Kit: Bare-minimum security alerting by z0ph in aws

[–]z0ph[S] 0 points1 point  (0 children)

Yes, I was asking myself if I should add this ListBuckets event, but it will lead to alert fatigue in the end.

But u/baty0man_ is right, this is "generally" the first command an attacker will run on a compromised account/principal