🔶 Containing Compromised EC2 Credentials Without (Hopefully) Breaking Things
There are multiple techniques for containing compromised instance credentials. The easy ones are the most likely to break things, but there are creative options to lock out attackers without breaking applications.
https://www.firemon.com/containing-compromised-ec2-credentials-without-hopefully-breaking-things
#aws
There are multiple techniques for containing compromised instance credentials. The easy ones are the most likely to break things, but there are creative options to lock out attackers without breaking applications.
https://www.firemon.com/containing-compromised-ec2-credentials-without-hopefully-breaking-things
#aws
🔥2
🔶 Two Minor Cross-Tenant Vulnerabilities in AWS App Runner
These vulnerabilities leaked configuration information across tenant boundaries. While they are both minor issues, they further demonstrate that undocumented AWS APIs have lacked the scrutiny of AWS as well as the cloud security community.
https://frichetten.com/blog/minor-cross-tenant-vulns-app-runner
#aws
These vulnerabilities leaked configuration information across tenant boundaries. While they are both minor issues, they further demonstrate that undocumented AWS APIs have lacked the scrutiny of AWS as well as the cloud security community.
https://frichetten.com/blog/minor-cross-tenant-vulns-app-runner
#aws
🔥3
🔴 How to secure digital assets with multi-party computation and Confidential Space
To help customers use multi-party computation and Confidential Space, GCP described a reference architecture for implementing MPC-compliant blockchain signing.
https://cloud.google.com/blog/products/identity-security/how-to-secure-digital-assets-with-multi-party-computation-and-confidential-space
#gcp
To help customers use multi-party computation and Confidential Space, GCP described a reference architecture for implementing MPC-compliant blockchain signing.
https://cloud.google.com/blog/products/identity-security/how-to-secure-digital-assets-with-multi-party-computation-and-confidential-space
#gcp
🔥3
🔶 Automate IAM credential reports for large AWS Organizations
How to manage credentials with many accounts, automate IAM credential reports, and consolidate the results.
https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-for-large-aws-organizations
#aws
How to manage credentials with many accounts, automate IAM credential reports, and consolidate the results.
https://aws.amazon.com/blogs/infrastructure-and-automation/automate-iam-credential-reports-for-large-aws-organizations
#aws
🔥3
🔷 From listKeys to Glory: How We Achieved a Subnoscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys
How the Orca Security team discovered a critical exploitation path, utilizing Microsoft Azure shared key authorization, and provide key mitigation steps.
https://orca.security/resources/blog/azure-shared-key-authorization-exploitation
#azure
How the Orca Security team discovered a critical exploitation path, utilizing Microsoft Azure shared key authorization, and provide key mitigation steps.
https://orca.security/resources/blog/azure-shared-key-authorization-exploitation
#azure
🔥1🤩1
🔶 The Unholy Marriage of AWS IAM Roles and Instance Profiles
Post explaining IAM Roles and Instance Profiles, how to create and manage them, and attach them to EC2 instances to grant permissions to access AWS services while adhering to security best practices.
https://www.uptycs.com/blog/aws-iam-roles-instance-profiles
#aws
Post explaining IAM Roles and Instance Profiles, how to create and manage them, and attach them to EC2 instances to grant permissions to access AWS services while adhering to security best practices.
https://www.uptycs.com/blog/aws-iam-roles-instance-profiles
#aws
👍4🔥2🤩1
🔷 Building a secure Azure reference architecture with Terraform
A reference architecture including several components, such as a virtual network, a bastion host, a load balancer, and a cluster of virtual machines running a web application.
https://www.hashicorp.com/blog/building-a-secure-azure-reference-architecture-with-terraform
#azure
A reference architecture including several components, such as a virtual network, a bastion host, a load balancer, and a cluster of virtual machines running a web application.
https://www.hashicorp.com/blog/building-a-secure-azure-reference-architecture-with-terraform
#azure
🔥4👍1👏1
🔶 Privilege escalation in AWS Elastic Kubernetes Service
An interesting privilege escalation scenario in Kubernetes (EKS) involving NodeRestriction.
https://blog.calif.io/p/privilege-escalation-in-eks
#aws
An interesting privilege escalation scenario in Kubernetes (EKS) involving NodeRestriction.
https://blog.calif.io/p/privilege-escalation-in-eks
#aws
🔥5
🔴 How to identify and reduce costs of your Google Cloud observability in Cloud Monitoring
A cost savings guide for Cloud Monitoring.
https://cloud.google.com/blog/products/management-tools/learn-to-understand-and-reduce-cloud-monitoring-costs
#gcp
A cost savings guide for Cloud Monitoring.
https://cloud.google.com/blog/products/management-tools/learn-to-understand-and-reduce-cloud-monitoring-costs
#gcp
🔥1
🔷 Hacking Your Cloud: Tokens Edition 2.0
Techniques attackers might use to exploit cloud tokens and gain access to resources. Strong token management, limiting privileges, and token revocation policies help mitigate risks.
https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0
#azure
Techniques attackers might use to exploit cloud tokens and gain access to resources. Strong token management, limiting privileges, and token revocation policies help mitigate risks.
https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0
#azure
🔥3👍2
🔶 New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns
Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.
https://permiso.io/blog/s/smishing-attack-on-aws-sms-new-phone-who-dis
#aws
Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.
https://permiso.io/blog/s/smishing-attack-on-aws-sms-new-phone-who-dis
#aws
🔥2👍1👏1
🔴 Asset Key Thief security vulnerability technical details
A persistent Service Account private key exfiltration privilege escalation technique that potentially affected Google Cloud Service Accounts, now remediated promptly by the Google Cloud team.
https://engineering.sada.com/asset-key-thief-disclosure-cfae4f1778b6
#gcp
A persistent Service Account private key exfiltration privilege escalation technique that potentially affected Google Cloud Service Accounts, now remediated promptly by the Google Cloud team.
https://engineering.sada.com/asset-key-thief-disclosure-cfae4f1778b6
#gcp
👍3🔥3❤1😱1
🔶🔷🔴 Cloud Red Teaming: AWS Initial Access & Privilege Escalation
Slides from a session that covered the latest cloud focused attack vectors and described viable strategies on how to detect their malicious usage within your cloud environments.
https://speakerdeck.com/tweekfawkes/cloud-red-teaming-aws-initial-access-and-privilege-escalation
#aws #azure #gcp
Slides from a session that covered the latest cloud focused attack vectors and described viable strategies on how to detect their malicious usage within your cloud environments.
https://speakerdeck.com/tweekfawkes/cloud-red-teaming-aws-initial-access-and-privilege-escalation
#aws #azure #gcp
🔥3👍1👏1
🔶 Detecting the Use of Stolen AWS Lambda Credentials
A novel technique which uses AWS CloudTrail to detect the use of stolen credentials.
https://www.secureworks.com/research/detecting-the-use-of-stolen-aws-lambda-credentials
#aws
A novel technique which uses AWS CloudTrail to detect the use of stolen credentials.
https://www.secureworks.com/research/detecting-the-use-of-stolen-aws-lambda-credentials
#aws
🔥2👍1😱1
🔷 Azure Threat Research Matrix
The purpose of the Azure Threat Research Matrix (ATRM) is to conceptualize the known tactics, techniques, and procedures (TTP) that adversaries may use against the Azure platform.
https://microsoft.github.io/Azure-Threat-Research-Matrix
#azure
The purpose of the Azure Threat Research Matrix (ATRM) is to conceptualize the known tactics, techniques, and procedures (TTP) that adversaries may use against the Azure platform.
https://microsoft.github.io/Azure-Threat-Research-Matrix
#azure
🔥3👍1👏1
🔴 GhostToken: Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts
The vulnerability could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim's Google account infected with a trojan app forever.
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts
#gcp
The vulnerability could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim's Google account infected with a trojan app forever.
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts
#gcp
👍2🔥1👏1
🔶 When MFA becomes SFA
A particular case where possession of an AWS access key/secret key alone was equivalent to possession of those keys and a previously configured MFA.
* P. S. use VPN for Russian IPs *
https://www.mwrcybersec.com/when-mfa-becomes-sfa
#aws
A particular case where possession of an AWS access key/secret key alone was equivalent to possession of those keys and a previously configured MFA.
* P. S. use VPN for Russian IPs *
https://www.mwrcybersec.com/when-mfa-becomes-sfa
#aws
👍5🔥2👏1
🔷 Free Microsoft 365 subnoscriptions for learning purposes
You can get a free Microsoft 365 subnoscription with 25 user licenses to learn and create automations.
https://developer.microsoft.com/en-us/microsoft-365/dev-program
#azure
You can get a free Microsoft 365 subnoscription with 25 user licenses to learn and create automations.
https://developer.microsoft.com/en-us/microsoft-365/dev-program
#azure
👍4🔥1👏1
🔶 Securing AWS Step Functions
Some macro-areas to consider when securing step functions: IAM roles and policies, data security, logging and monitoring, and abuse.
https://infosecwriteups.com/securing-aws-step-functions-3bc74845906
#aws
Some macro-areas to consider when securing step functions: IAM roles and policies, data security, logging and monitoring, and abuse.
https://infosecwriteups.com/securing-aws-step-functions-3bc74845906
#aws
🔥3👍2👏1
🔴 Exploiting misconfigured Google Cloud Service Accounts from GitHub Actions
A misconfigured GitHub Action using a GCP Workload Identity Federation Service Account could allow any GitHub Action to assume the role.
https://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions
#gcp
A misconfigured GitHub Action using a GCP Workload Identity Federation Service Account could allow any GitHub Action to assume the role.
https://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions
#gcp
🔥3👍1😱1
🔷 When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities
Two SSRF and a file upload path traversal in the Azure API Management service, which allowed access to internal Azure assets.
https://ermetic.com/blog/azure/when-good-apis-go-bad-uncovering-3-azure-api-management-vulnerabilities
#azure
Two SSRF and a file upload path traversal in the Azure API Management service, which allowed access to internal Azure assets.
https://ermetic.com/blog/azure/when-good-apis-go-bad-uncovering-3-azure-api-management-vulnerabilities
#azure
🔥4👏2👍1