🔴 How Attackers Can Exploit GCP's Multicloud Workload Solution
A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to avoid misconfigurations.
https://ermetic.com/blog/gcp/how-attackers-can-exploit-gcps-multicloud-workload-solution
#gcp
🔶🔴 Five Things You Need to Know About Malware on Storage Buckets
An overview of malware in cloud storage buckets and mitigation best practices.
https://orca.security/resources/blog/the-risks-of-malware-in-storage-buckets
#aws #gcp
🔶 AWS EC2 IMDS - What You Need to Know
A technical review of IMDSv2.
https://ermetic.com/blog/aws/aws-ec2-imds-what-you-need-to-know
#aws
🔶 staticwebsite-cli
This CLI tool makes it easy to deploy a static website to AWS. It builds and hosts the website, sets up a CDN and DNS, and provisions an SSL certificate.
https://github.com/awslabs/staticwebsite-cli
#aws
🔷 Preview support for Kata VM Isolated Containers on AKS for Pod Sandboxing
Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod/ba-p/3751557
#azure
🔴 Google Cloud Platform Exfiltration: A Threat Hunting Guide
Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.
https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide
#gcp
🔷 Pivoting with Azure Automation Account Connections
How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-account-connections
#azure
🔶 Understanding the Integration Between KMS and Secrets Manager on AWS
Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.
https://blog.lightspin.io/understanding-the-integration-between-kms-and-secrets-manager-on-aws
#aws
🔶 A New Incentive for Using AWS VPC Endpoints
If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.
https://ermetic.com/blog/aws/a-new-incentive-for-using-aws-vpc-endpoints
#aws
🔶 Reducing Attack Surface with AWS Allowlisting
A detailed look at implementing Region and Service allowlisting in AWS.
https://ramimac.me/aws-allowlisting
#aws
🔴 Monitoring Kubernetes Clusters on GKE
A hands-on guide to monitoring and logging at different layers in the GKE stack.
https://medium.com/google-cloud/gke-monitoring-84170ea44833
#gcp
🔶 Passwordless Authentication made easy with Cognito
A step-by-step guide, including a working demo and complete source code for both frontend and backend.
https://theburningmonk.com/2023/03/passwordless-authentication-made-easy-with-cognito-a-step-by-step-guide
#aws
🔶 The Many Ways to Access DynamoDB
Post discussing the many ways to restrict access to a DynamoDB instance at both a framework and implementation level, utilizing patterns and tools such as RBAC, IAM, and Terraform.
https://blog.symops.com/2023/03/10/access-dynamodb
#aws
🔷 Protect against cyberattacks with the new Azure Firewall Basic
Azure announced the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.
https://azure.microsoft.com/en-gb/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic
#azure
🔴 Improve security posture with time bound session length
Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate.
https://cloud.google.com/blog/products/identity-security/improve-security-posture-with-time-bound-session-length
#gcp
🔶 Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
Public disclosure of a CloudTrail bypass in AWS Service Catalog and other logging research.
https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other
#aws
🔷 Escalating Privileges with Azure Function Apps
Undocumented APIs used by the Azure Function Apps Portal menu allowed for arbitrary file reads on the Function App containers.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/
#azure
🔶 Mitigating SSRF in 2023
Article reviewing the different ways of triggering SSRF and discussing which mitigation techniques are most effective.
https://blog.includesecurity.com/2023/03/mitigating-ssrf-in-2023
#aws
🔶 Implementing Magic Links with Amazon Cognito: A Step-by-Step Guide
A popular passwordless authentication method is magic links. Although this is not something that Cognito supports out of the box, it can be implemented using its Lambda hooks.
https://theburningmonk.com/2023/03/implementing-magic-links-with-amazon-cognito-a-step-by-step-guide
#aws
🔶 The illustrated guide to S3 pre-signed URLs
Article discussing in great detail what pre-signed URLs are, how to use them, and some best practices to keep in mind.
https://fourtheorem.com/the-illustrated-guide-to-s3-pre-signed-urls
#aws
🔷 Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle
Post exploring the details of the Azure vulnerability, "Super FabriXss," the risks it poses, as well as recommendations on how to mitigate it.
https://orca.security/resources/blog/super-fabrixss-azure-vulnerability
#azure