Finding critical vulnerabilities in your web application on Friday at 5PM.

Hey, I’m Phil Thomas, but I go by fatzombi on the internet.

I used to build software, now I break it. I am currently working with Stratum Security as an Application Security Consultant Lead.

I am a hacker, technologist, gamer, and aspiring farmsteader. I am passionate about security, privacy, and technology. I am a father and husband. I am a human.

Everything here is written by me, see my /ai page for more information on “AI” usage.

You can also find me at the links below:

Migrating from IAM Secret and Access Keys to OIDC for Secure AWS Deployments

Changing our GitHub Action to leverage OIDC instead of hard-coded AWS Secret and Access Keys.

Protect your S3-hosted static website with Origin Access Control

I previously wrote about Deploying a Jekyll website to AWS S3 with GitHub Actions and AWS CloudFormation. However, the more I learn about AWS, the more tweaks I realize we can make. What I want to walk through today is removing public access from the S3 bucket that hosts our static site. We will configure an Origin Access Control so that only CloudFront can read from the S3 bucket. There’s one caveat for our use case, but we can resolve it using CloudFront Functions. ...

Configuring a Private Burp Collaborator on AWS EC2 with Route 53 and Let's Encrypt

Tutorial demonstrating how to configure a private Burp Collaborator instance on AWS EC2 behind AWS Route 53 and Let's Encrypt for TLS certificates.

Automating Your Homelab with Proxmox, Cloud-init, Terraform, and Ansible — Part 3: Automating with Ansible

Picking back up where we left off in Part 2 of our homelab automation series, we now have Terraform creating our minimally configured VMs. However, installing and configuring software and settings on VMs can still be a tedious and time-consuming task, especially if you have many VMs and services to manage. This is where Ansible comes in.

Overview of Ansible

Ansible is an open-source infrastructure-as-code tool that allows you to provision software, perform configuration management, and handle application deployments. Similar to Terraform, it uses a declarative language that is simple to write. Additionally, there are thousands of modules, most of which can be found at https://docs.ansible.com/ansible/latest/collections/index_module.html. In this article, we will explore how to use Ansible to automate the configuration of our VMs. ...

Automating Your Homelab with Proxmox, Cloud-init, Terraform, and Ansible — Part 2: Deploying your VMs with Terraform

Picking back up where we left off in Part 1 of our homelab automation series, we now have a cloud-init image that we can use to quickly and easily configure new virtual machines in Proxmox. However, manually creating and configuring each VM can still be a tedious and time-consuming task, especially if you have a lot of them to manage. This is where Terraform comes in.

Overview of Terraform

Terraform is an open-source infrastructure-as-code tool that allows you to define and manage your infrastructure in a declarative language that is simple to write. In this article, we will explore how to use Terraform to automate the creation of VMs in Proxmox, using the previously generated cloud-init image. But before we can do that, we need to set up Proxmox to allow Terraform to authenticate and interact with its API. ...

Automating Your Homelab with Proxmox, Cloud-init, Terraform, and Ansible — Part 1: Configuring a base image with Cloud-init

Cloud-init is an open-source package that automates the initial setup and configuration of virtual machines, making them much easier to manage and deploy. With Cloud-init, we define a set of instructions in a user-data file that tells each virtual machine what to do when it first boots. This user-data file can contain instructions such as configuring network interfaces, setting up user accounts, or installing software packages. By using Cloud-init, we can streamline the process of setting up virtual machines and ensure consistent configurations across all instances. ...

Automating Your Homelab with Proxmox, Cloud-init, Terraform, and Ansible — Introduction

Introduction article to building a homelab with Proxmox, Cloud-init, Terraform, and Ansible

Deploying a Jekyll website to AWS S3 with GitHub Actions and AWS CloudFormation

In this tutorial, we will configure a static website using Jekyll, GitHub Actions, AWS S3, AWS Route 53, AWS Certificate Manager, AWS CloudFront, and AWS CloudFormation. And yes, that sounds like a mouthful, but trust me, it’s not as intimidating as it sounds. To begin, we’ll highlight the main technologies being used and the role they play in our solution. Next, I’ll dive into the roles of each AWS offering used in this architecture, including how CloudFormation is used to create and manage the infrastructure for our website, how Route 53 and Certificate Manager are used to manage our domain, DNS records, and TLS certificates, and how CloudFront will be used for content delivery and caching. ...

Using Docker and X11 Forwarding to run Kali Linux on macOS

Walkthrough showing how to set up Kali Linux as a Docker container and use X11 forwarding for a seamless workflow on macOS.