🔴 Google Cloud Platform Exfiltration: A Threat Hunting Guide

Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.

https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide

#gcp

🔷 Pivoting with Azure Automation Account Connections

How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.

https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-account-connections

#azure

🔶 Understanding the Integration Between KMS and Secrets Manager on AWS

Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.

https://blog.lightspin.io/understanding-the-integration-between-kms-and-secrets-manager-on-aws

#aws

🔶 A New Incentive for Using AWS VPC Endpoints

If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.

https://ermetic.com/blog/aws/a-new-incentive-for-using-aws-vpc-endpoints

#aws

🔶 Reducing Attack Surface with AWS Allowlisting

A detailed look at implementing Region and Service allowlisting in AWS.

https://ramimac.me/aws-allowlisting

#aws

🔴 Monitoring Kubernetes Clusters on GKE

A hands-on guide to monitoring and logging at different layers in the GKE stack.

https://medium.com/google-cloud/gke-monitoring-84170ea44833

#gcp

🔶 Passwordless Authentication made easy with Cognito

A Step-by-Step Guide, including working demo and complete source code for both frontend and backend.

https://theburningmonk.com/2023/03/passwordless-authentication-made-easy-with-cognito-a-step-by-step-guide

#aws

🔶 The Many Ways to Access DynamoDB

Post discussing the many ways to restrict access to a DynamoDB instance at both a framework and implementation level, utilizing patterns and tools such as RBAC, IAM, Terraform.

https://blog.symops.com/2023/03/10/access-dynamodb

#aws

🔷 Protect against cyberattacks with the new Azure Firewall Basic

Azure announced the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.

https://azure.microsoft.com/en-gb/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic

#azure

🔴 Improve security posture with time bound session length

Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate.

https://cloud.google.com/blog/products/identity-security/improve-security-posture-with-time-bound-session-length

#gcp

🔶 Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research

Public disclosure of a CloudTrail bypass in AWS Service Catalog and other logging research.

https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other

#aws

🔷 Escalating Privileges with Azure Function Apps

Undocumented APIs used by the Azure Function Apps Portal menu allowed for arbitrary file reads on the Function App containers.

https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/

#azure

🔶 Mitigating SSRF in 2023

Article reviewing the different ways of triggering SSRF and discussing which mitigation techniques are most effective.

https://blog.includesecurity.com/2023/03/mitigating-ssrf-in-2023

#aws

🔶 Implementing Magic Links with Amazon Cognito: A Step-by-Step Guide

A popular passwordless authentication method is magic links. Although this is not something that Cognito supports out of the box, it can be implemented using its Lambda hooks.

https://theburningmonk.com/2023/03/implementing-magic-links-with-amazon-cognito-a-step-by-step-guide

#aws

🔶 The illustrated guide to S3 pre-signed URLs

Article discussing in great detail what pre-signed URLs are, how to use them, and some best practices to keep in mind.

https://fourtheorem.com/the-illustrated-guide-to-s3-pre-signed-urls

#aws

🔷 Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle

Post exploring the details of the Azure vulnerability, "Super FabriXss," the risks it poses, as well as recommendations on how to mitigate it.

https://orca.security/resources/blog/super-fabrixss-azure-vulnerability

#azure

🔶 Zero Trust Access to Private Webapps on AWS ECS with Cloudflare Tunnel

How to use Cloudflare Tunnel to securely access a Flask webapp running in a private subnet in ECS on Fargate, without exposing the app to the public internet.

https://blog.marcolancini.it/2023/blog-cloudflare-tunnel-zero-trust-ecs

#aws

🔷 Riding the Azure Service Bus (Relay) into Power Platform

A deserialization issue on the Azure Service Bus (Relay) service that allowed remote code execution on Microsoft servers.

https://www.netspi.com/blog/technical/vulnerability-research/azure-service-bus-power-platform

#azure

🔶 AWS KMS Threat Model

What are the threats in letting an AWS service manage the encryption of your data instead of creating a Customer Managed Key?

https://airwalkreply.com/aws-kms-threat-model

#aws

🔷 Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI

Security Copilot combines an advanced large language model (LLM) with a security-specific model from Microsoft. This security-specific model in turn incorporates a set of security-specific skills and is informed by Microsoft's unique global threat intelligence. Security Copilot runs on Azure's infrastructure.

https://blogs.microsoft.com/blog/2023/03/28/introducing-microsoft-security-copilot-empowering-defenders-at-the-speed-of-ai

#azure

🔶 Exploring Amazon VPC Lattice

AWS has recently released VPC Lattice to General Availability. This post walks through creating a simple VPC Lattice service using CloudFormation, and takes a look at the service overall.

https://onecloudplease.com/blog/exploring-amazon-vpc-lattice

#aws