🔶 How to build a Security Guardians program to distribute security ownership
Post outlining the steps to follow to build your own Security Guardians program for your organization.
https://aws.amazon.com/ru/blogs/security/how-to-build-your-own-security-guardians-program/
(Use VPN to open from Russia)
#aws
Post outlining the steps to follow to build your own Security Guardians program for your organization.
https://aws.amazon.com/ru/blogs/security/how-to-build-your-own-security-guardians-program/
(Use VPN to open from Russia)
#aws
👍3❤2🔥1
🔶 How to use interface VPC endpoints to meet your security objectives
Four security objectives that VPC endpoints help you achieve.
https://aws.amazon.com/ru/blogs/security/how-to-use-interface-vpc-endpoints-to-meet-your-security-objectives/
(Use VPN to open from Russia)
#aws
Four security objectives that VPC endpoints help you achieve.
https://aws.amazon.com/ru/blogs/security/how-to-use-interface-vpc-endpoints-to-meet-your-security-objectives/
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔶 How to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub
How to integrate Amazon Detective with AWS Security Hub, giving you better visibility into threat indicators and investigative data directly from Security Hub, which provides you with a centralized view of your overall security posture across your AWS accounts.
https://aws.amazon.com/ru/blogs/security/how-to-use-the-amazon-detective-api-to-investigate-guardduty-security-findings-and-enrich-data-in-security-hub/
(Use VPN to open from Russia)
#aws
How to integrate Amazon Detective with AWS Security Hub, giving you better visibility into threat indicators and investigative data directly from Security Hub, which provides you with a centralized view of your overall security posture across your AWS accounts.
https://aws.amazon.com/ru/blogs/security/how-to-use-the-amazon-detective-api-to-investigate-guardduty-security-findings-and-enrich-data-in-security-hub/
(Use VPN to open from Russia)
#aws
👍2❤1🔥1
🔶 AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover.
https://www.aquasec.com/blog/aws-cdk-risk-exploiting-a-missing-s3-bucket-allowed-account-takeover/
#aws
The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover.
https://www.aquasec.com/blog/aws-cdk-risk-exploiting-a-missing-s3-bucket-allowed-account-takeover/
#aws
👍4❤1🔥1
🔴 Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends
This post offers a deep dive into Google Cloud's default service accounts, explaining their functionality, risks, and real-world adoption trends.
https://securitylabs.datadoghq.com/articles/google-cloud-default-service-accounts/
#gcp
This post offers a deep dive into Google Cloud's default service accounts, explaining their functionality, risks, and real-world adoption trends.
https://securitylabs.datadoghq.com/articles/google-cloud-default-service-accounts/
#gcp
👍2❤1🔥1
🔶 Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy
The article explores how threat actors manage to work around the limitations of the quarantine policy (AWSCompromisedKeyQuarantineV2) that is applied to identities whose credentials are leaked.
https://permiso.io/blog/introducing-detention-dodger
#aws
The article explores how threat actors manage to work around the limitations of the quarantine policy (AWSCompromisedKeyQuarantineV2) that is applied to identities whose credentials are leaked.
https://permiso.io/blog/introducing-detention-dodger
#aws
👍2❤1🔥1
🔶 EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files
This campaign used multiple private tools that abused multiple misconfigured web services, allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation.
https://sysdig.com/blog/emeraldwhale/
(Use VPN to open from Russia)
#aws
This campaign used multiple private tools that abused multiple misconfigured web services, allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation.
https://sysdig.com/blog/emeraldwhale/
(Use VPN to open from Russia)
#aws
🔥4❤1👍1
🔶 I bought us-east-1.com: A Look at Security, DNS Traffic, and Protecting AWS Users
When people think about the term «us-east-1», they often think of AWS's very data center region that powers countless businesses worldwide. But what if someone registered the us-east-1.com domain?
https://dev.to/aws-builders/i-bought-us-east-1com-a-look-at-security-dns-traffic-and-protecting-aws-users-15ng
#aws
When people think about the term «us-east-1», they often think of AWS's very data center region that powers countless businesses worldwide. But what if someone registered the us-east-1.com domain?
https://dev.to/aws-builders/i-bought-us-east-1com-a-look-at-security-dns-traffic-and-protecting-aws-users-15ng
#aws
👍6❤1🔥1
🔶 Building an AppRunner on EC2 with Cloudflare Zero Trust Access
How to automate the deployment of a private AppRunner instance on AWS that hosts multiple internal apps securely behind Cloudflare's zero-trust access controls.
https://blog.marcolancini.it/2024/blog-building-apprunner-ec2-cloudflare-zero-trust-access/
#aws
How to automate the deployment of a private AppRunner instance on AWS that hosts multiple internal apps securely behind Cloudflare's zero-trust access controls.
https://blog.marcolancini.it/2024/blog-building-apprunner-ec2-cloudflare-zero-trust-access/
#aws
👍2❤1🔥1
🔶 How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access
The process involves using API actions like CreateTrustAnchor and CreateProfile to facilitate the exploitation.
https://medium.com/@adan.alvarez/how-attackers-can-abuse-iam-roles-anywhere-for-persistent-aws-access-b3ced6935dca
(Use VPN to open from Russia)
#aws
The process involves using API actions like CreateTrustAnchor and CreateProfile to facilitate the exploitation.
https://medium.com/@adan.alvarez/how-attackers-can-abuse-iam-roles-anywhere-for-persistent-aws-access-b3ced6935dca
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔴 Filling up the DagBag: Privilege Escalation in Google Cloud Composer
An attacker that has write access to the Cloud Composer environment's dedicated bucket can gain command execution in the Composer environment.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/privilege-escalation-google-cloud-composer/
#gcp
An attacker that has write access to the Cloud Composer environment's dedicated bucket can gain command execution in the Composer environment.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/privilege-escalation-google-cloud-composer/
#gcp
👍2❤1🔥1
🔶 Implement effective data authorization mechanisms to secure your data used in generative AI applications
Post walking through the risks associated with using sensitive data as part of fine-tuning for FMs, retrieval augmented generation (RAG), AI agents, and tooling with generative AI workloads.
https://aws.amazon.com/ru/blogs/security/implement-effective-data-authorization-mechanisms-to-secure-your-data-used-in-generative-ai-applications/
(Use VPN to open from Russia)
#aws
Post walking through the risks associated with using sensitive data as part of fine-tuning for FMs, retrieval augmented generation (RAG), AI agents, and tooling with generative AI workloads.
https://aws.amazon.com/ru/blogs/security/implement-effective-data-authorization-mechanisms-to-secure-your-data-used-in-generative-ai-applications/
(Use VPN to open from Russia)
#aws
👍2❤1🔥1
🔶 Unauthorized tactic spotlight: Initial access through a third-party identity provider
Some of the recent techniques used by threat actors that leverage specific customer configurations or design to make unauthorized use of resources within an AWS account.
https://aws.amazon.com/ru/blogs/security/unauthorized-tactic-spotlight-initial-access-through-a-third-party-identity-provider/
(Use VPN to open from Russia)
#aws
Some of the recent techniques used by threat actors that leverage specific customer configurations or design to make unauthorized use of resources within an AWS account.
https://aws.amazon.com/ru/blogs/security/unauthorized-tactic-spotlight-initial-access-through-a-third-party-identity-provider/
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🔶 How AWS enforcement code logic evaluates requests to allow or deny access
AWS updated the IAM policy evaluation chart.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-denyallow.html
(Use VPN to open from Russia)
#aws
AWS updated the IAM policy evaluation chart.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-denyallow.html
(Use VPN to open from Russia)
#aws
👍2❤1🔥1
Microsoft has recently published a Graph API that allows administrators to pre-provision passkeys for users. From an offensive security point of view this raises the question whether this functionality can be abused to take over accounts.
https://www.secura.com/services/information-technology/vapt/what-can-be-pentested/cloud-pentesting/abusing-fido2-passkeys
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1
The general availability of the Bastion Developer SKU, virtual network encryption, and the public preview of DNSSEC support in Azure.
https://azure.microsoft.com/en-us/blog/unlocking-the-future-azure-networking-updates-on-security-reliability-and-high-availability/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1
🔶 Peek inside your AWS CloudFormation Deployments with timeline view
The new CloudFormation deployment timeline view provides visibility into the orchestration flow and dependencies involved when CloudFormation provisions resources defined in your infrastructure-as-code templates.
https://aws.amazon.com/ru/blogs/devops/peek-inside-your-aws-cloudformation-deployments-with-timeline-view/
(Use VPN to open from Russia)
#aws
The new CloudFormation deployment timeline view provides visibility into the orchestration flow and dependencies involved when CloudFormation provisions resources defined in your infrastructure-as-code templates.
https://aws.amazon.com/ru/blogs/devops/peek-inside-your-aws-cloudformation-deployments-with-timeline-view/
(Use VPN to open from Russia)
#aws
👍2❤1🔥1
🔴 A new flexible DNS-based approach for accessing the GKE control plane
A new DNS-based endpoint for GKE clusters provides enhanced flexibility when accessing the control plane and configuring security.
https://cloud.google.com/blog/products/containers-kubernetes/new-dns-based-endpoint-for-the-gke-control-plane/
(Use VPN to open from Russia)
#gcp
A new DNS-based endpoint for GKE clusters provides enhanced flexibility when accessing the control plane and configuring security.
https://cloud.google.com/blog/products/containers-kubernetes/new-dns-based-endpoint-for-the-gke-control-plane/
(Use VPN to open from Russia)
#gcp
👍2❤1🔥1
🔶 Securing AWS Lambda - How Misconfigurations Can Lead to Lateral Movement
How several misconfigurations and user-defined code issues in AWS Lambda could lead to potential credential theft and lateral movement.
https://www.sentinelone.com/blog/lateral-movement-in-aws-lambda-environments/
#aws
How several misconfigurations and user-defined code issues in AWS Lambda could lead to potential credential theft and lateral movement.
https://www.sentinelone.com/blog/lateral-movement-in-aws-lambda-environments/
#aws
👍3❤1🔥1
🔴 Sketchy Cheat Sheet - Story of a Cloud Architecture Diagramming Tool gone wrong
A series of vulnerabilities found in Google's Architecture Diagramming Tool, leading to its eventual decommissioning due to security concerns.
https://jdomeracki.github.io/2024/11/09/sketchy_cheat_sheet/
#gcp
A series of vulnerabilities found in Google's Architecture Diagramming Tool, leading to its eventual decommissioning due to security concerns.
https://jdomeracki.github.io/2024/11/09/sketchy_cheat_sheet/
#gcp
❤1👍1🔥1
Post sharing a few inconsistencies found in Azure logs which make detection engineering more challenging.
https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2❤1👍1