This article explores techniques for backdooring Azure Automation Account packages and runtime environments. It covers creating malicious packages, exploiting package dependencies, and manipulating runtime environments to gain persistent access and execute arbitrary code within Azure Automation Accounts.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/backdooring-azure-automation-account-packages-and-runtime-environments/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3❤1🔥1
🔶 Gaining AWS Persistence by Updating a SAML Identity Provider
If an attacker has permissions to replace the metadata, they can add a metadata document from an IdP they control. After doing this, they'll be able to assume the roles that trust this identity provider.
https://medium.com/@adan.alvarez/gaining-aws-persistence-by-updating-a-saml-identity-provider-ef57ebdc8db5
#aws
If an attacker has permissions to replace the metadata, they can add a metadata document from an IdP they control. After doing this, they'll be able to assume the roles that trust this identity provider.
https://medium.com/@adan.alvarez/gaining-aws-persistence-by-updating-a-saml-identity-provider-ef57ebdc8db5
#aws
👍3🔥2❤1
This media is not supported in your browser
VIEW IN TELEGRAM
🔴 CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
Tenable Research discovered a remote code execution (RCE) vulnerability in GCP that could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool.
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
#gcp
Tenable Research discovered a remote code execution (RCE) vulnerability in GCP that could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool.
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
#gcp
🔥3❤1👍1
🔶 Managing identity source transition for AWS IAM Identity Center
Post walking through the process of switching from one identity source to another and provides sample code that you can use to assist with the transition.
https://aws.amazon.com/ru/blogs/security/managing-identity-source-transition-for-aws-iam-identity-center/
(Use VPN to open from Russia)
#aws
Post walking through the process of switching from one identity source to another and provides sample code that you can use to assist with the transition.
https://aws.amazon.com/ru/blogs/security/managing-identity-source-transition-for-aws-iam-identity-center/
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔶 When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
Permiso has found that some attackers are using hijacked LLM infrastructure to power highly inappropriate AI chatbot services.
https://permiso.io/blog/exploiting-hosted-models
#aws
Permiso has found that some attackers are using hijacked LLM infrastructure to power highly inappropriate AI chatbot services.
https://permiso.io/blog/exploiting-hosted-models
#aws
👍3❤1🔥1
🔶 Keep track of AWS user activity with SourceIdentity attribute
How to use the SourceIdentity attribute in STS to trace all user activity in AssumeRole sessions back to corporate identities such as usernames or email addresses.
https://redcanary.com/blog/threat-detection/aws-sourceidentity/
#aws
How to use the SourceIdentity attribute in STS to trace all user activity in AssumeRole sessions back to corporate identities such as usernames or email addresses.
https://redcanary.com/blog/threat-detection/aws-sourceidentity/
#aws
👍4❤1🔥1
🔶 AWS: VPC Flow Logs, NAT Gateways, and Kubernetes Pods - a detailed overview
Post covering what is a NAT Gateway, what are VPC Flow Logs, and how to use them with Kubernetes.
https://itnext.io/aws-vpc-flow-logs-nat-gateways-and-kubernetes-pods-a-detailed-overview-43a6541bcc35
(Use VPN to open from Russia)
#aws
Post covering what is a NAT Gateway, what are VPC Flow Logs, and how to use them with Kubernetes.
https://itnext.io/aws-vpc-flow-logs-nat-gateways-and-kubernetes-pods-a-detailed-overview-43a6541bcc35
(Use VPN to open from Russia)
#aws
👍2❤1🔥1
🔴 Announcing new Confidential Computing updates for even more hardware security options
Google announced the GA of several new Confidential Computing options and updates to the Google Cloud attestation service. Here's what's new.
https://cloud.google.com/blog/products/identity-security/new-confidential-computing-updates-for-more-hardware-security-options/
#gcp
Google announced the GA of several new Confidential Computing options and updates to the Google Cloud attestation service. Here's what's new.
https://cloud.google.com/blog/products/identity-security/new-confidential-computing-updates-for-more-hardware-security-options/
#gcp
👍3❤1🔥1
🔶 Using Amazon Detective for IAM investigations
How to use Detective Investigation and how to interpret and use the information provided from an IAM investigation.
https://aws.amazon.com/ru/blogs/security/using-amazon-detective-for-iam-investigations/
(Use VPN to open from Russia)
#aws
How to use Detective Investigation and how to interpret and use the information provided from an IAM investigation.
https://aws.amazon.com/ru/blogs/security/using-amazon-detective-for-iam-investigations/
(Use VPN to open from Russia)
#aws
❤3👍1🔥1
🔶 Cloud native incident response in AWS - Part II
How to quickly load data and search for interesting events in Athena.
https://www.invictus-ir.com/news/cloud-native-incident-response-in-aws---part-ii
#aws
How to quickly load data and search for interesting events in Athena.
https://www.invictus-ir.com/news/cloud-native-incident-response-in-aws---part-ii
#aws
❤2🔥2👍1
🔶 AWS Launches Improvements for Key Quarantine Policy
AWS made improvements to the AWSCompromisedKeyQuarantine policies in order to protect potentially compromised accounts. The changes were based on threat intelligence gathered from attacks being seen in the wild.
https://sysdig.com/blog/aws-launches-improvements-for-key-quarantine-policy/
(Use VPN to open from Russia)
#aws
AWS made improvements to the AWSCompromisedKeyQuarantine policies in order to protect potentially compromised accounts. The changes were based on threat intelligence gathered from attacks being seen in the wild.
https://sysdig.com/blog/aws-launches-improvements-for-key-quarantine-policy/
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔶 Improve security incident response times by using AWS Service Catalog to decentralize security notifications
A decentralized approach to security notifications, using a self-service mechanism powered by AWS Service Catalog to enhance response times.
https://aws.amazon.com/ru/blogs/security/improve-security-incident-response-times-by-using-aws-service-catalog-to-decentralize-security-notifications/
(Use VPN to open from Russia)
#aws
A decentralized approach to security notifications, using a self-service mechanism powered by AWS Service Catalog to enhance response times.
https://aws.amazon.com/ru/blogs/security/improve-security-incident-response-times-by-using-aws-service-catalog-to-decentralize-security-notifications/
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🙏 Hi, guys! We would like to ask you: in what language do you prefer to read our posts? Please vote
🙏 Всем привет! Хотим узнать у вас: на каком языке вам предпочтительнее читать наши посты? Ждем ваши голоса
🙏 Всем привет! Хотим узнать у вас: на каком языке вам предпочтительнее читать наши посты? Ждем ваши голоса
Anonymous Poll
32%
63%
4%
👍2🤯2❤1🔥1
Post discussing the typical attack chain used in campaigns misusing file hosting services and detail the recently observed tactics, techniques, and procedures (TTPs), including the increasing use of certain defense evasion tactics.
https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4❤1🔥1
🔶 Granted now mitigates device auth phishing in AWS IAM Identity Center
A new browser extension for Granted which makes authenticating to AWS IAM Identity Center faster and more secure.
https://www.commonfate.io/blog/granted-mitigates-aws-phishing
#aws
A new browser extension for Granted which makes authenticating to AWS IAM Identity Center faster and more secure.
https://www.commonfate.io/blog/granted-mitigates-aws-phishing
#aws
👍4❤1🔥1
🔶 Turning AWS Documentation into Gold: AI-Assisted Security Research
This article goes over how to use embeddings in AWS Bedrock, scraping AWS documentation, leveraging ripgrep for fast searches on local disk, and some interesting security research along the way.
https://www.securityrunners.io/post/ai-assisted-security-research
#aws
This article goes over how to use embeddings in AWS Bedrock, scraping AWS documentation, leveraging ripgrep for fast searches on local disk, and some interesting security research along the way.
https://www.securityrunners.io/post/ai-assisted-security-research
#aws
👍3❤1🔥1
🔶 Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration
A - now fixed - AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked down of AWS accounts by leveraging the audit trail itself to stealthily leak data.
https://tracebit.com/blog/breaching-the-data-perimeter-cloudtrail-as-a-mechanism-for-data-exfiltration
#aws
A - now fixed - AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked down of AWS accounts by leveraging the audit trail itself to stealthily leak data.
https://tracebit.com/blog/breaching-the-data-perimeter-cloudtrail-as-a-mechanism-for-data-exfiltration
#aws
👍5❤3🔥1
🔶 CloudShell slip-up: command-line access to underlying AWS infrastructure
Incident Overview: During a cloud security training session, a delegate encountered an unexpected AWS account identity while using CloudShell.
https://medium.com/@paulschwarzenberger/cloudshell-slip-up-command-line-access-to-underlying-aws-infrastructure-ae77a0858088
#aws
Incident Overview: During a cloud security training session, a delegate encountered an unexpected AWS account identity while using CloudShell.
https://medium.com/@paulschwarzenberger/cloudshell-slip-up-command-line-access-to-underlying-aws-infrastructure-ae77a0858088
#aws
👍3❤1🔥1
🔶 Perfecting Ransomware on AWS - Using "keys to the kingdom" to change the locks
This article discusses the shift from traditional data dumping in compromised AWS accounts to utilizing AWS KMS features for ransomware attacks.
https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802
#aws
This article discusses the shift from traditional data dumping in compromised AWS accounts to utilizing AWS KMS features for ransomware attacks.
https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802
#aws
👍2❤1🔥1
🔶 Security Logging in Cloud Environments - AWS
Author has refreshed article which covers how to design a state of the art multi-account security logging platform in AWS: removed stale links and legacy advice on MFA delete, added API Gateway access logs, and added a "Tracking Misconfigurations" section.
https://blog.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/
#aws
Author has refreshed article which covers how to design a state of the art multi-account security logging platform in AWS: removed stale links and legacy advice on MFA delete, added API Gateway access logs, and added a "Tracking Misconfigurations" section.
https://blog.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/
#aws
👍5❤1🔥1
🔶 AWS IAM Policy Condition Operators Explained
There are 27 basic condition operators you can use in an AWS IAM policy. Then you can add "ForAllValues" or "ForAnyValue" to the beginning and "IfExists" to the end of almost all of them.
https://iam.cloudcopilot.io/resources/operators
#aws
There are 27 basic condition operators you can use in an AWS IAM policy. Then you can add "ForAllValues" or "ForAnyValue" to the beginning and "IfExists" to the end of almost all of them.
https://iam.cloudcopilot.io/resources/operators
#aws
👍3❤1🔥1