CloudSec Wine – Telegram
2.14K subscribers
918 photos
18 files
1.26K links
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔶 A role for all your EC2 instances

You can now pass an IAM role to every EC2 instance in your account + region.

https://awsteele.com/blog/2023/02/20/a-role-for-all-your-ec2-instances.html

#aws
🔶 My CI/CD pipeline is my release captain

How Amazon continuously releases changes to production by practicing trunk-based development, by using CI/CD pipelines to manage deployment artifacts and coordinate releases across multiple production environments, and by practicing proactive and automatic rollbacks.

https://aws.amazon.com/ru/builders-library/cicd-pipeline

#aws
🔴 Securing Cloud Run Deployments with Least Privilege Access

How to protect your Cloud Run deployments by implementing least privilege access for Cloud Run services and service consumers.

https://cloud.google.com/blog/products/identity-security/securing-cloud-run-deployments-with-least-privilege-access

#gcp
🔶 automated-ci-pipeline-creation

Creation of Continuous Integration pipelines dynamically using an AWS Step Function based approach to create standardised pipelines for an organisation.

https://github.com/aws-samples/automated-ci-pipeline-creation

#aws
🔴 How Attackers Can Exploit GCP's Multicloud Workload Solution

A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to avoid misconfigurations.

https://ermetic.com/blog/gcp/how-attackers-can-exploit-gcps-multicloud-workload-solution

#gcp
🔶🔴 Five Things You Need to Know About Malware on Storage Buckets

An overview of malware in cloud storage buckets and mitigation best practices.

https://orca.security/resources/blog/the-risks-of-malware-in-storage-buckets

#aws #gcp
🔶 AWS EC2 IMDS - What You Need to Know

A technical review of IMDSv2.

https://ermetic.com/blog/aws/aws-ec2-imds-what-you-need-to-know

#aws
🔶 staticwebsite-cli

This CLI tool makes it easy to deploy a static website to AWS. It builds and hosts the website, sets up a CDN and DNS, and provisions an SSL certificate.

https://github.com/awslabs/staticwebsite-cli

#aws
🔷 Preview support for Kata VM Isolated Containers on AKS for Pod Sandboxing

Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.

https://techcommunity.microsoft.com/t5/apps-on-azure-blog/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod/ba-p/3751557

#azure
🔴 Google Cloud Platform Exfiltration: A Threat Hunting Guide

Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.

https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide

#gcp
🔷 Pivoting with Azure Automation Account Connections

How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.

https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-account-connections

#azure
🔶 Understanding the Integration Between KMS and Secrets Manager on AWS

A post covering the integration between KMS and Secrets Manager on AWS, to better understand how the two services work together.

https://blog.lightspin.io/understanding-the-integration-between-kms-and-secrets-manager-on-aws

#aws
🔶 A New Incentive for Using AWS VPC Endpoints

If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.

https://ermetic.com/blog/aws/a-new-incentive-for-using-aws-vpc-endpoints

#aws
🔶 Reducing Attack Surface with AWS Allowlisting

A detailed look at implementing Region and Service allowlisting in AWS.

https://ramimac.me/aws-allowlisting

#aws
🔴 Monitoring Kubernetes Clusters on GKE

A hands-on guide to monitoring and logging at different layers in the GKE stack.

https://medium.com/google-cloud/gke-monitoring-84170ea44833

#gcp
🔶 Passwordless Authentication made easy with Cognito

A step-by-step guide, including a working demo and complete source code for both frontend and backend.

https://theburningmonk.com/2023/03/passwordless-authentication-made-easy-with-cognito-a-step-by-step-guide

#aws
🔶 The Many Ways to Access DynamoDB

A post discussing the many ways to restrict access to a DynamoDB table at both the framework and implementation level, using patterns and tools such as RBAC, IAM and Terraform.

https://blog.symops.com/2023/03/10/access-dynamodb

#aws
🔷 Protect against cyberattacks with the new Azure Firewall Basic

Azure announced the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.

https://azure.microsoft.com/en-gb/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic

#azure
🔴 Improve security posture with time bound session length

Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate.

https://cloud.google.com/blog/products/identity-security/improve-security-posture-with-time-bound-session-length

#gcp
🔶 Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research

Public disclosure of a CloudTrail bypass in AWS Service Catalog and other logging research.

https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other

#aws
🔷 Escalating Privileges with Azure Function Apps

Undocumented APIs used by the Azure Function Apps Portal menu allowed for arbitrary file reads on the Function App containers.

https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/

#azure