Welcome to The Hidden Port

Cloud Security, Automation, Best Practices, and Beyond.

I Investigated a Real Phishing Attack — Here's the Full Kill Chain

Walkthrough of a real phishing-initiated endpoint compromise I investigated. Covers the full attack chain from password-protected PDF to PowerShell loader, forensic analysis in an isolated lab, and the response failures that delayed containment.

July 17, 2026 · 9 min · 1898 words · Javier Pulido

AWS CloudTrail Log Analysis: How to Find Who Did What (And When)

How to actually use CloudTrail logs day-to-day — tracing non-compliant resources to their source, querying with Athena, and setting up alerts before things go wrong.

July 13, 2026 · 9 min · 1737 words · Javier Pulido

AWS SCPs That Actually Work: Practical Guide for Real Teams

SCPs every AWS org should deploy on day one — plus the break-glass pattern, limit gotchas, and why you shouldn’t use SCPs to fix human behavior.

July 8, 2026 · 9 min · 1711 words · Javier Pulido

AmazonSSMManagedInstanceCore: Full Policy Breakdown

Full breakdown of every permission in the AmazonSSMManagedInstanceCore IAM policy, plus a least-privilege custom alternative for production EC2 instances.

July 7, 2026 · 7 min · 1462 words · Javier Pulido

AWS Incident Response: 5 Scenarios & How to Contain Them

Five real-world AWS incident response scenarios with detection signals, containment steps, CLI commands, and automation examples. Practical guide for security teams.

July 7, 2026 · 7 min · 1474 words · Javier Pulido

AWS Misconfigurations I Find in Every Security Audit

Five AWS misconfigurations I find in every security audit — with Console and Terraform fixes for public S3 buckets, over-permissive IAM, open security groups, and missing monitoring.

July 7, 2026 · 4 min · 668 words · Javier Pulido

AWS Security Checklist: 30-Minute Account Review (2026)

A 30-minute security review for your AWS account — 30+ controls covering IAM hardening, S3 lockdown, logging, and budget alerts. Built for small teams.

July 7, 2026 · 3 min · 596 words · Javier Pulido

EKS Security Best Practices: Hardening Your Cluster

10 actionable EKS security best practices covering IAM integration, RBAC, network policies, pod security, image scanning, secrets management, and node hardening.

July 7, 2026 · 7 min · 1438 words · Javier Pulido

IAM Users Are Dead: Modern AWS Access Control for 2026

Stop using IAM users in AWS. This guide explains why they’re risky and how to migrate to Identity Center, STS, and OIDC-based access — step-by-step.

July 7, 2026 · 3 min · 480 words · Javier Pulido

Meeting CIS Benchmarks for EC2: A Practical Guide

How to map, audit, and automate CIS Benchmark compliance for EC2 instances using AWS Config, Security Hub, SSM, and open-source scanners.

September 25, 2025 · 3 min · 506 words · Javier Pulido

EKS Security Best Practices: Monitoring, Audit Logs & Runtime Detection (2026)

Practical EKS security checklist — control plane audit logs, Falco runtime detection, GuardDuty for containers, and the monitoring gaps most teams miss.

September 17, 2025 · 5 min · 955 words · Javier Pulido

eJPTv2 Prep Guide: Study Plan for Cloud Security Engineers

If your background is cloud security and you’re thinking about breaking into pentesting, the eJPTv2 is a solid entry point. I took it coming from years of AWS security work — hardening infrastructure, responding to incidents, writing detection rules — and found the transition both natural and surprisingly humbling. This post covers how I prepared, what resources were worth the time, and how a defender’s background actually helps (and where it blinds you). ...

September 8, 2025 · 5 min · 969 words · Javier Pulido

IDOR in AWS APIs: Real Examples from Bug Bounty & How to Fix Them

Deep dive into IDOR vulnerabilities with real AWS API examples, bug bounty cases, and prevention strategies for Lambda, API Gateway, and internal tooling.

June 27, 2025 · 5 min · 889 words · Javier Pulido

Amazon GuardDuty Setup Guide: Findings, EventBridge Alerts & SIEM Integration

Set up GuardDuty in 10 minutes, route findings to Slack or your SIEM via EventBridge, and learn which finding types actually matter.

June 24, 2025 · 4 min · 690 words · Javier Pulido

Detect AWS IAM Privilege Escalation with CloudTrail

Set up AWS-native detection for privilege escalation using CloudTrail, EventBridge, and minimal infrastructure. Real API patterns and alerting included.

June 20, 2025 · 4 min · 780 words · Javier Pulido

Hardened Amazon Linux 2 AMI with EC2 Image Builder

Step-by-step guide to build a hardened Amazon Linux 2 AMI with EC2 Image Builder including CIS benchmarks, IMDSv2 enforcement, auditd, and logging configuration.

June 9, 2025 · 3 min · 560 words · Javier Pulido

IAM Least Privilege in AWS: Access Analyzer Guide

How to audit and refine IAM permissions using Access Analyzer, CloudTrail, and service access history — enforcing least privilege the right way in AWS.

June 9, 2025 · 3 min · 503 words · Javier Pulido

AWS Session Manager Setup: AmazonSSMManagedInstanceCore & Secure EC2 Access

Complete SSM Session Manager setup — AmazonSSMManagedInstanceCore policy, IAM roles, and replacing SSH with zero open ports.

June 3, 2025 · 7 min · 1344 words · Javier Pulido

EC2 Hardening Guide: Secure AWS Instances Step by Step

This guide delves into the technical aspects of hardening EC2 instances, covering topics from instance selection to monitoring and automation, aligning with AWS’s security recommendations.

May 29, 2025 · 2 min · 391 words · Javier Pulido

AWS Incident Response Toolkit: Resources & Templates

After publishing my free AWS IR checklist, I decided to go one step further — a full incident response toolkit with Terraform code, automation scripts, and ready-to-use templates. Here’s what’s inside.

May 20, 2025 · 2 min · 374 words · Javier Pulido