@chasersystems.bsky.social
DiscrimiNAT Firewall: A transparent NAT gateway alternative that allows product teams to discover and update narrow allowlists for their apps’ outbound connections, easily. https://chasersystems.com/
Sponsoring the local #Rust meetup in #Cambridge is way we bring the community together a few times a year. Follow the event page at www.meetup.com/cambridge-ru... and @cambridgerust.bsky.social here
Rust has played a critical role in the cloud security solutions we ship in terms of speed & safety
Learn about CoverDrop's use of #Rust in #Cambridge on 12th Nov by Daniel Hugenroth @lambda.bsky.social . Pizzas on us!
10.11.2025 17:23 — 👍 1 🔁 0 💬 0 📌 0
What data do coding agents send, and where to?
Our report seeks to answer some of our questions for the most popular coding agents. Incidentally, a side-effect was running into OWASP LLM07:2025 System Prompt Leakage. You can see the system prompts in the appendix.
chasersystems.com/blog/what-da...
Looking at us-east-1 this morning like... 👀
We're giving away 1,000 of our "It's always DNS" stickers and sticky-notes to decorate your laptops! Fill in the linked form below and we'll get it mailed directly to you, wherever you are in the world.
forms.office.com/e/14jHFdU9Kv
#aws #itsalwaysdns
Azure default outbound access connectivity change postponed from 30 Sep '25 to 31 Mar '26.
azure.microsoft.com/en-us/update...
v2.20 of DiscrimiNAT Firewall now available on GCP 🎉
chasersystems.com/docs/discrim...
v2.20 of DiscrimiNAT Firewall just released on AWS 🎉
chasersystems.com/docs/discrim...
Another short-lived credential leak causes widespread data theft. Here at @chasersystems.bsky.social we're researching & prototyping practical second-factor methods for service account style usage.
cloud.google.com/blog/topics/...
Cambridge Rust meetup August 13th 🦀
www.meetup.com/cambridge-ru...
Event sponsored by Chaser Systems: chasersystems.com!
#rust #cambridge
Welcome to the team Lucas Pye! Lucas is joining us as an intern until mid-September and is researching what telemetry is gathered from developer machines by various popular agentic coding tools. When he's not intercepting #egress traffic you can find him climbing!
(screenshot of MitMed Cursor)
We're back at @fwdcloudsec.org again today, drop by our booth and try our mini-CTF to win a #YubiKey. Only 4 left, so be sure to come by early!
01.07.2025 14:01 — 👍 0 🔁 0 💬 0 📌 0We're demoing DiscrimiNAT Firewall at the venue this year. See you in Denver!
04.06.2025 23:34 — 👍 1 🔁 1 💬 0 📌 0
TLS ECH (formerly ESNI) is an emerging threat in traffic observability.
Learn about what it is, its background and original purpose, and how to disable it in controlled environments - especially Chrome and headless Chrome in the linked solution article:
chasersystems.com/blog/disabli...
Our founder @new23d.bsky.social's talk accepted for @fwdcloudsec.org at Denver in June on AWS IAM Roles Anywhere with ACME-enabled PKI certs distribution (using Let's Encrypt Staging)
Videos will be available on YouTube later and we'll post an update when they are.
We make it easier for you to enable an outbound network traffic firewall in full allowlist enforcement mode -- with discovery, dry run and micro-segmentation.
Available on AWS and GCP. Search for DiscrimiNAT Firewall in your cloud web console.
#egress #filtering
[1b] x.com/nullenc0de/s...
[2] docs.paloaltonetworks.com/cloud-ngfw-a...
[3] chasersystems.com/discriminat/...
and website for docs, etc.
Any questions, just drop an email to devsecops at chasersystems dot com. We love to answer tricky questions and demo how our firewall checks more than just the hostname in client-settable headers!
Safe egressing 🤞
[1a] repost.aws/questions/QU...
info on multi-protocol support, low TTL DNS handling, etc.
It also has a non-blocking monitoring mode to discover what you need to allow, and a dry-run mode to test rules before enforcement.
Search for DiscrimiNAT Firewall in GCP Console to get started or for links to our Terraform modules
The mechanism under the hood is truly patent worthy!
The integration with GCP has always been such that it mimics a built-in feature with use of Network Tags, Firewall Rules and Logs Explorer 😎. It is stateless, CIS-hardened, upgrades seamlessly, and you can see the full comparison [3] for more
Wildcards are now GA from us for network egress on GCP.
Took time to develop since we didn't want the solution to be trivially bypassable with SNI Spoofing [1] or cause interruptions to your traffic intermittently with false positives (as is the case with known issue FWAAS-1501 of Palo Alto [2]).
Wildcards were a game-changer in GCP for this👇customer in reducing #egress management overhead.
✅Monitoring / Dry-Run mode
✅SNI spoofing proof tech
✅Public Suffix List / Effective TLD checks
✅Terraform
Deploy now or get a demo from engineering: chasersystems.com
👇
We're looking for a solid, network security cloud engineer to work on DiscrimiNAT Firewall and a new SaaS product we're developing.
www.linkedin.com/jobs/view/41...
Update network endpoints for Win32 apps and PowerShell scripts by December 27, 2024*
mc.merill.net/message/MC96...
* we only just found out, but your egress FQDNs allowlist might need an update
Comparison page with GCP NGFW is now up, scoped to egress filtering. Advantages DiscrimiNAT has:
🌟 Wildcard Support
💨 Low* DNS TTL handling
🔍 Monitoring, Discovery & Dry-Run mode
👮 Spoofing Prevention
chasersystems.com/discriminat/...
* no more dropped connections to 5s TTL AWS S3
DiscrimiNAT Firewall, for outbound filtering, v2.9.0 released on GCP.
Release notes: chasersystems.com/docs/discrim...
DiscrimiNAT Firewall, for outbound filtering, v2.9.0 released on AWS.
Release notes: chasersystems.com/docs/discrim...