🔶 A small digest of AWS news:
1️⃣ AWS Control Tower launches managed controls using declarative policies
These policies are a set of new optional controls that help you consistently enforce the desired configuration for a service.
2️⃣ AWS Config now supports a service-linked recorder
AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit.
(Use VPN to open from Russia)
#aws
1️⃣ AWS Control Tower launches managed controls using declarative policies
These policies are a set of new optional controls that help you consistently enforce the desired configuration for a service.
2️⃣ AWS Config now supports a service-linked recorder
AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit.
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🙂 Dear friends,
this year we have already become more than 2000 people. And this is very cool.
Only thanks to you we will make even cooler content. Thank you very much.
🎉 Happy New Year 2025! We wish you success in your personal life and career. Let's make the new year much better than 2024 together!
#HappyNewYear
this year we have already become more than 2000 people. And this is very cool.
Only thanks to you we will make even cooler content. Thank you very much.
🎉 Happy New Year 2025! We wish you success in your personal life and career. Let's make the new year much better than 2024 together!
#HappyNewYear
👍4❤1🔥1
🔶 hidden-services-revealer
A tool to map hidden services in AWS. It does this by following the triggered events of a user's actions.
https://github.com/tenable/hidden-services-revealer
#aws
A tool to map hidden services in AWS. It does this by following the triggered events of a user's actions.
https://github.com/tenable/hidden-services-revealer
#aws
❤1👍1🔥1
🔶🔴 cloudranger
Go library for mapping IP address ranges to cloud provider regions (currently: AWS and GCP).
https://github.com/planetscale/cloudranger
#aws #gcp
Go library for mapping IP address ranges to cloud provider regions (currently: AWS and GCP).
https://github.com/planetscale/cloudranger
#aws #gcp
👍2❤1🔥1
🔶 safer-scps
Safer AWS Service Control Policies (SCPs) deployments via real-time error monitoring.
https://github.com/matthewdfuller/safer-scps
#aws
Safer AWS Service Control Policies (SCPs) deployments via real-time error monitoring.
https://github.com/matthewdfuller/safer-scps
#aws
❤1👍1🔥1
Azure Key Vault Contributors are not allowed access to Key Vault keys, certificates, and secrets. But did you know they can still gain access to this sensitive data? This post will cover a privilege escalation vector to access data in key vaults using the access policy permissions model.
https://securitylabs.datadoghq.com/articles/escalating-privileges-to-read-secrets-with-azure-key-vault-access-policies/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1
🔴 The dark cloud around GCP service accounts
Why does this service account still have access even though I deleted its service account key?
https://redcanary.com/blog/threat-detection/gcp-service-accounts/
#gcp
Why does this service account still have access even though I deleted its service account key?
https://redcanary.com/blog/threat-detection/gcp-service-accounts/
#gcp
❤1👍1🔥1
🔶 Hat Trick: AWS introduced same RCE vulnerability three times in four years
Amazon has introduced the same dependency confusion issue at least on 3 separate occasions when adding new packages to the Neuron SDK registry.
https://giraffesecurity.dev/posts/amazon-hat-trick/
#aws
Amazon has introduced the same dependency confusion issue at least on 3 separate occasions when adding new packages to the Neuron SDK registry.
https://giraffesecurity.dev/posts/amazon-hat-trick/
#aws
❤1👍1🔥1
🔶 From Detection to Enforcement: Migrating from IMDSv1 to IMDSv2
Concrete advice on approaching a migration to IMDSv2.
https://securitylabs.datadoghq.com/articles/from_detection_to_enforcement_migrating_from_imdsv1_to_imdsv2/
#aws
Concrete advice on approaching a migration to IMDSv2.
https://securitylabs.datadoghq.com/articles/from_detection_to_enforcement_migrating_from_imdsv1_to_imdsv2/
#aws
❤1👍1🔥1
🔶 The many ways to obtain credentials in AWS
Post exploring how AWS services provide IAM credentials, and teaching key risks and detection strategies to secure your cloud environment against credential misuse.
https://www.wiz.io/blog/the-many-ways-to-obtain-credentials-in-aws
#aws
Post exploring how AWS services provide IAM credentials, and teaching key risks and detection strategies to secure your cloud environment against credential misuse.
https://www.wiz.io/blog/the-many-ways-to-obtain-credentials-in-aws
#aws
❤1👍1🔥1
🔶 Avoiding mistakes with AWS OIDC integration conditions
Post exploring some common missteps in securing your AWS OIDC.
https://www.wiz.io/blog/avoiding-mistakes-with-aws-oidc-integration-conditions
#aws
Post exploring some common missteps in securing your AWS OIDC.
https://www.wiz.io/blog/avoiding-mistakes-with-aws-oidc-integration-conditions
#aws
❤1👍1🔥1
🔶 Implementing Security Invariants in an AWS Management Account
Chris Farris discusses the implementation of security invariants within an AWS management account, specifically the payer account where organizational policies do not apply.
https://www.chrisfarris.com/post/payer-invariants/
#aws
Chris Farris discusses the implementation of security invariants within an AWS management account, specifically the payer account where organizational policies do not apply.
https://www.chrisfarris.com/post/payer-invariants/
#aws
❤1👍1🔥1
🔶 AWS CodeBuild: Self-Hosted GitHub Action Runners
How to set up AWS CodeBuild for GitHub Action Runners, including configuration steps and integration advantages.
https://kieranlowe.io/implementing-self-hosted-github-action-runners-using-aws-codebuild
#aws
How to set up AWS CodeBuild for GitHub Action Runners, including configuration steps and integration advantages.
https://kieranlowe.io/implementing-self-hosted-github-action-runners-using-aws-codebuild
#aws
❤1👍1🔥1
A (now remediated) vulnerability allowed the Reader role on the AML service to gain write access to these Storage Accounts to ultimately get code execution through Jupyter notebooks.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/hijacking-azure-machine-learning-notebooks/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 How to share security telemetry per OU using Amazon Security Lake and AWS Lake Formation
How to extract OU structure and account metadata from your organization and use it to securely share Security Lake data on a per-OU basis across your organization.
https://aws.amazon.com/ru/blogs/security/how-to-share-security-telemetry-per-ou-using-amazon-security-lake-and-aws-lake-formation/
(Use VPN to open from Russia)
#aws
How to extract OU structure and account metadata from your organization and use it to securely share Security Lake data on a per-OU basis across your organization.
https://aws.amazon.com/ru/blogs/security/how-to-share-security-telemetry-per-ou-using-amazon-security-lake-and-aws-lake-formation/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 How to bypass honeypots in AWS
This post suggests a way to detect and avoid honeypots set up for access key IDs in an AWS environment.
https://tejaszarekar.gitbook.io/tejaszarekar
#aws
This post suggests a way to detect and avoid honeypots set up for access key IDs in an AWS environment.
https://tejaszarekar.gitbook.io/tejaszarekar
#aws
❤1👍1🔥1
This article explains how to use Microsoft Entra ID FIDO2 Provisioning APIs to register YubiKeys on behalf of users. It covers the process, required permissions, and provides code examples for implementing this functionality in applications.
https://janbakker.tech/register-yubikeys-on-behalf-of-your-users-with-microsoft-entra-id-fido2-provisioning-apis/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 Terraform S3 Backend Setup: Skip the Table
It is now possible to remove DynamoDB as a dependency, and streamline your S3 backend setup.
https://kieranlowe.io/terraform-s3-backend-setup-skip-the-table
#aws
It is now possible to remove DynamoDB as a dependency, and streamline your S3 backend setup.
https://kieranlowe.io/terraform-s3-backend-setup-skip-the-table
#aws
👍3🔥2❤1
🔴 Securing Grafana on Kubernetes
A step-by-step guide to secure a Grafana deployment on Kubernetes using Google Cloud Identity-Aware Proxy (GCP IAP), Gateway API, and Terraform.
https://www.vidbregar.com/blog/grafana-gcp-iap
#gcp
A step-by-step guide to secure a Grafana deployment on Kubernetes using Google Cloud Identity-Aware Proxy (GCP IAP), Gateway API, and Terraform.
https://www.vidbregar.com/blog/grafana-gcp-iap
#gcp
👍2❤1🔥1
Part 1 of an Intune Attack Paths series, discussing the fundamental components and mechanics of Intune that lead to the emergence of attack paths.
https://posts.specterops.io/intune-attack-paths-part-1-4ad1882c1811
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2❤1👍1
Azure DevOps can be accessed using multiple 1st party client ids, allowing anyone to pivot from a stolen session to access the repositories.
https://zolder.io/blog/devops-access-is-closer-than-you-assume/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1