CloudSec Wine – Telegram
CloudSec Wine
2.13K subscribers
917 photos
18 files
1.26K links
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔴 Controls to restrict access to individually approved APIs

How to restrict access to individually approved Google APIs using the Organization Policy Service and other network controls.

https://cloud.google.com/architecture/network-controls-limit-access-individually-approved-apis

#gcp
🔶 AWS WAF Fraud Control - Account takeover prevention for Amazon CloudFront

AWS WAF Fraud Control - Account Takeover Prevention protects your application's login page against credential stuffing attacks, brute force attempts, and other anomalous login activities.

https://aws.amazon.com/ru/about-aws/whats-new/2022/08/aws-waf-fraud-control-account-takeover-prevention-cloudfront

#aws
🔴 Announcing Virtual Machine Threat Detection now generally available to Cloud customers

Google announced that Virtual Machine Threat Detection (VMTD) in Security Command Center is now generally available for all Google Cloud customers.

https://cloud.google.com/blog/products/identity-security/introducing-virtual-machine-threat-detection-to-block-critical-threats

#gcp
🔷 Securing Azure middleware agents with new auto-patching capabilities

It turns out when you require your customers to manually patch critical vulnerabilities in software you installed for them that they often don’t know they have, update rates are low. Nice work from Wiz in pushing for auto-patching functionality.

https://www.wiz.io/blog/auto-patching-for-omi

#azure
🔶 AWS IAM Interview Questions

Some AWS IAM interview questions to help understand how much an engineer might know about AWS IAM, and how to apply it.

https://www.k9security.io/docs/aws-iam-interview-questions

#aws
🔷 SMTP Matching Abuse in Azure AD

How SMTP matching can be abused to obtain privileged access via eligible role assignments, and how to prevent it.

https://www.semperis.com/blog/smtp-matching-abuse-in-azure-ad

#azure
🔶 Incident Response in AWS

Post intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane.

https://www.chrisfarris.com/post/aws-ir

#aws
🔶 CJ Moses might be the CISO of AWS, but service leaders own their own security

Interesting interview with AWS’s CJ Moses covering topics including:

1️⃣ What are your duties as CISO?
2️⃣ What is AWS’ security strategy?
3️⃣ What’s the biggest threat to cloud security right now and how do you stay ahead of all these bad actors?
4️⃣ What are the biggest security mistakes that you see enterprise customers repeating?

https://www.protocol.com/enterprise/cj-moses-aws-ciso

#aws
🔶 Attacking Firecracker: AWS' microVM Monitor Written in Rust

Firecracker is a microVM manager written in Rust that powers AWS services like Lambda and Fargate. Here's how a red team attacked a vulnerability in Firecracker.

https://www.graplsecurity.com/post/attacking-firecracker

#aws
🔶 A Federated Approach To Providing User Privacy Rights

How Lyft approaches managing user privacy in order to seamlessly handle compliance, data export, and deletion.

https://eng.lyft.com/a-federated-approach-to-providing-user-privacy-rights-3d9ab73441d9

#aws
🔶 The Complete Guide to AWS KMS

An intro guide to AWS Key Management Service (AWS KMS), its different key types, and access (IAM) best practices.

https://blog.lightspin.io/the-complete-guide-to-aws-kms

#aws
🔴 Understanding basic networking in GKE - Networking basics

Post exploring the networking components of GKE and the various options that exist.

https://cloud.google.com/blog/topics/developers-practitioners/understanding-basic-networking-gke-networking-basics

#gcp
🔶 awslabs/aws-security-assessment-solution

An AWS tool to help you create a point-in-time assessment of your AWS account using Prowler and ScoutSuite, as well as optional AWS-developed ransomware checks.

https://github.com/awslabs/aws-security-assessment-solution

#aws
🔷 Azure Active Directory Pass-Through Authentication Flaws

Secureworks researchers analyzed how the protocols used by Pass-Through Authentication (PTA) could be exploited. The result? A compromised PTA agent certificate gives threat actors persistent and undetectable access to a target organization.

https://www.secureworks.com/research/azure-active-directory-pass-through-authentication-flaws

#azure
🔶 AWS Ramp-Up Guide: Security

A guide that can help you prepare for the "AWS Certified Security - Specialty" certification exam.

https://d1.awsstatic.com/training-and-certification/ramp-up_guides/Ramp-Up_Guide_Security.pdf

#aws
🔶 matanolabs/matano

An open source security lake platform for AWS that lets you ingest petabytes of security and log data from various sources, store and query them in an open Apache Iceberg data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and designed specifically for AWS and focuses on enabling high scale, low cost, and zero-ops.

https://github.com/matanolabs/matano

#aws
🔶 Authenticating to AWS the right way for (almost) every use-case

Lee Briggs covers the right way to authenticate to AWS in a variety of scenarios:

1️⃣ Authenticate to AWS as a Human User: AWS IAM Identity Center

2️⃣ Authenticate to AWS as an EC2 Instance: IAM Role, possibly Instance Profile

3️⃣ Authenticate to AWS as an application that only manages content in an S3 bucket: Presigned URLs

4️⃣ Authenticate to AWS as a CI/CD Pipeline: OIDC Providers

5️⃣ Authenticate to AWS as compute I manage that isn’t running inside AWS: IAM Roles Anywhere

https://leebriggs.co.uk/blog/2022/09/05/authenticating-to-aws-the-right-way

#aws
🔶 thundra-io/merloc

By Thundra: a live AWS Lambda function development and debugging tool. MerLoc allows you to run AWS Lambda functions on your local machine while they are still part of a flow running remotely in the AWS cloud.

https://github.com/thundra-io/merloc

#aws
🔷 Azure Cloud Shell Command Injection: Stealing User's Access Tokens

This post describes how a researcher took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users' terminals.

https://blog.lightspin.io/azure-cloud-shell-command-injection-stealing-users-access-tokens

#azure