CloudSec Wine – Telegram
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔸cr0hn/festin

A tool by Daniel García for discovering open S3 Buckets starting from domains. Collects info via DNS, web pages (crawler), and S3 buckets themselves (like S3 redirections). “Watch mode” can listen for new domains in real time, and supports downloading bucket objects and putting them in Redis Search to enable full-text search of discovered contents.

https://github.com/cr0hn/festin

#aws
🔸SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

BlackHat Arsenal presentation by Bishop Fox’s Rob Ragan and Oscar Salazar on a new tool, Smogcloud, that can be used to find exposed AWS cloud assets that you may not have known you had.

- For example: Internet-facing FQDNs and IPs across one or hundreds of AWS accounts, assets that are no longer in use, services not currently monitored, shadow IT, etc.
- Currently supports about 13 different AWS services.

https://github.com/BishopFox/smogcloud

#aws
⚪️Compromise any GCP Org Via Cloud API Lateral Movement and Privilege Escalation

Great BlackHat USA / DEF CON Safe Mode talk by Allison Donovan and Dylan Ayrey, with a tool release: gcploit, a “BFS search tool meant for defensive threat models, a mock org simulator, as well as stack driver queries that profile the gcploit tool.”

https://www.youtube.com/watch?v=Ml09R38jpok

#gcp
🔸How to Create Unlimited Rotating IP Addresses with AWS

Devin Stokes describes how to use proxycannon-ng to distribute your traffic over an endless supply of cloud-based IP addresses.

https://medium.com/@devinjaystokes/using-proxycannon-ng-to-create-unlimited-rotating-proxies-fccffa70a728

#aws
🔸Abusing AWS Connection Tracking

How to abuse Connection Tracking in AWS to persist connections on a host, even when a more restrictive security group is put in place as a result of incident response.

https://frichetten.com/blog/abusing-aws-connection-tracking/

#aws
🔸Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials

How to detect if an attacker is abusing temporary credentials in your AWS accounts using Splunk.

https://www.splunk.com/en_us/blog/security/using-splunk-to-detect-abuse-of-aws-permanent-and-temporary-credentials.html

#aws
⚪️ Google Cloud security best practices center

Best practices providing specific, informed guidance on helping secure Google Cloud deployments and describing recommended configurations, architectures, suggested settings, and other operational advice.

https://cloud.google.com/security/best-practices

#gcp
🔸AWS Auto Remediate

Open source application to instantly remediate common security issues through the use of AWS Config.

https://github.com/servian/aws-auto-remediate

#aws
🔸Anatomy of AWS Lambda

Article taking a closer look at the anatomy of AWS Lambda functions and the processes happening below the surface. If you are not super-familiar with Lambda, I highly recommend this post, which provides a very well-thought-out introduction.

https://dev.to/sosnowski/anatomy-of-aws-lambda-1i1e

#aws
🔹🔸⚪️Cloudkeeper - Housekeeping for Clouds

Cloudkeeper is a standalone CLI tool that periodically collects a list of resources in cloud accounts, provides metrics about them, and can clean them up.

https://github.com/mesosphere/cloudkeeper

#aws #gcp #azure
Cyber_Security_on_Azure_An_IT_Professional’s_Guide_to_Microsoft.pdf
12.1 MB
🔹Cyber Security on Azure

Cyber Security on Azure explains how this 'security as a service' (SECaaS) business solution can help you better manage security risk and enable data security control using encryption options such as Advanced Encryption Standard (AES) cryptography. Discover best practices to support network security groups, web application firewalls, and database auditing for threat protection. Configure custom security notifications of potential cyberattack vectors to prevent unauthorized access by hackers, hacktivists, and industrial spies.

#azure #literature
🔸Securing resource tags used for authorization using a service control policy in AWS Organizations

How you can use attribute-based access controls (ABAC) in AWS to help provision simple, maintainable access controls to different projects, teams, and workloads as your organization grows.

https://aws.amazon.com/ru/blogs/security/securing-resource-tags-used-for-authorization-using-service-control-policy-in-aws-organizations/

#aws
🔸Certificate Authority now supports Private CA sharing

AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports sharing a Private CA with any AWS account or within your organization. This eliminates the need to provision duplicate resources in every account in a multi-account environment, reducing the cost and complexity of managing those resources in every account.

https://aws.amazon.com/ru/about-aws/whats-new/2020/08/aws-certificate-manager-private-certificate-authority-supports-private-ca-sharing/

#aws
🔸spacesiren/spacesiren

A honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale – up to 10,000 per SpaceSiren instance – at close to no cost… It provides an API to create no-permission AWS IAM users and access keys for those users.

https://github.com/spacesiren/spacesiren

#aws
🔸The power of orchestration: how we automated enrichments for AWS alerts

How the Expel team automated enrichments for AWS alerts, with this blog sharing their approach to developing AWS enrichments and the implementation of the enrichment workflow process.

https://expel.io/blog/power-of-orchestration-how-we-automated-enrichments-aws-alerts/

#aws
🔸Privilege Escalation in AWS Elastic Kubernetes Service (EKS) by compromising the instance role of worker nodes

"In this post, we discuss the risks of the AWS Instance Metadata service in AWS Elastic Kubernetes Service (EKS) clusters. In particular, we demonstrate that compromising a pod in the cluster can have disastrous consequences on resources in the AWS account if access to the Instance Metadata service is not explicitly blocked."

https://blog.christophetd.fr/privilege-escalation-in-aws-elastic-kubernetes-service-eks-by-compromising-the-instance-role-of-worker-nodes/

by @mobile_appsec_world

#aws
🔹Become an Azure Security Center Ninja

This blog post curates many Azure Security Center (ASC) resources, organized in a format that can help you go from absolutely no knowledge of ASC to designing and implementing different scenarios. You can use this blog post as a training roadmap to learn more about Azure Security Center.


https://techcommunity.microsoft.com/t5/azure-security-center/become-an-azure-security-center-ninja/ba-p/1608761

#azure