🔶 New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns
Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.
https://permiso.io/blog/s/smishing-attack-on-aws-sms-new-phone-who-dis
#aws
🔴 Asset Key Thief security vulnerability technical details
A persistent Service Account private key exfiltration privilege escalation technique that potentially affected Google Cloud Service Accounts, now remediated promptly by the Google Cloud team.
https://engineering.sada.com/asset-key-thief-disclosure-cfae4f1778b6
#gcp
🔶🔷🔴 Cloud Red Teaming: AWS Initial Access & Privilege Escalation
Slides from a session that covered the latest cloud-focused attack vectors and described viable strategies for detecting their malicious usage within your cloud environments.
https://speakerdeck.com/tweekfawkes/cloud-red-teaming-aws-initial-access-and-privilege-escalation
#aws #azure #gcp
🔶 Detecting the Use of Stolen AWS Lambda Credentials
A novel technique which uses AWS CloudTrail to detect the use of stolen credentials.
https://www.secureworks.com/research/detecting-the-use-of-stolen-aws-lambda-credentials
#aws
🔷 Azure Threat Research Matrix
The purpose of the Azure Threat Research Matrix (ATRM) is to conceptualize the known tactics, techniques, and procedures (TTP) that adversaries may use against the Azure platform.
https://microsoft.github.io/Azure-Threat-Research-Matrix
#azure
🔴 GhostToken: Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts
The vulnerability could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim's Google account infected with a trojan app forever.
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts
#gcp
🔶 When MFA becomes SFA
A particular case where possession of an AWS access key/secret key alone was equivalent to possession of those keys and a previously configured MFA.
* P. S. use VPN for Russian IPs *
https://www.mwrcybersec.com/when-mfa-becomes-sfa
#aws
🔷 Free Microsoft 365 subscriptions for learning purposes
You can get a free Microsoft 365 subscription with 25 user licenses to learn and create automations.
https://developer.microsoft.com/en-us/microsoft-365/dev-program
#azure
🔶 Securing AWS Step Functions
Some macro-areas to consider when securing step functions: IAM roles and policies, data security, logging and monitoring, and abuse.
https://infosecwriteups.com/securing-aws-step-functions-3bc74845906
#aws
🔴 Exploiting misconfigured Google Cloud Service Accounts from GitHub Actions
A misconfigured GitHub Action using a GCP Workload Identity Federation Service Account could allow any GitHub Action to assume the role.
https://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions
#gcp
🔷 When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities
Two SSRF and a file upload path traversal in the Azure API Management service, which allowed access to internal Azure assets.
https://ermetic.com/blog/azure/when-good-apis-go-bad-uncovering-3-azure-api-management-vulnerabilities
#azure
🔶 Public Report: AWS Nitro System API & Security Claims
AWS engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs.
https://research.nccgroup.com/2023/05/03/public-report-aws-nitro-system-api-security-claims
#aws
🔷 Azure Future SIEM
Great visualization of the future Microsoft Sentinel architecture using Microsoft's cloud-based Azure infrastructure!
#azure
🔶🔷🔴 Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations
Post describing a hypothetical scenario of a cloud platform compromise with multiple components that would require investigation. Each component is an example of a real intrusion tactic that Mandiant has investigated across various cloud platforms, sometimes with logs available and sometimes without logs available.
https://www.mandiant.com/resources/blog/cloud-bad-log-configurations
#aws #azure #gcp
🔶 My Love/Hate Relationship with Cloud Custodian
Cloud Custodian is a powerful tool for managing and enforcing policies in cloud environments, but it can be difficult to learn and use effectively. The author shares their experiences with using Cloud Custodian, including its benefits and drawbacks, and offers tips for getting started with the tool.
https://badshah.io/my-love-hate-relationship-with-cloud-custodian
#aws
Call for Papers for DevOops 2023 is open until June 1st.
The conference will run for four days: September 5–6 online and September 17–18 in Moscow, with the option to join online.
Want to share your DevOps experience? Submit your proposal at DevOops 2023.
All you need is the material and the desire to perform, and the organizers will help at every stage, from idea to performance: they'll work with you on the material, conduct rehearsals, and give recommendations on the presentation.
Choose any presentation format—talk, workshop, interview, discussion, BoF session—or come up with something of your own. You can select a topic from the list or propose your own.
Submit your proposal on the DevOops website.
#advertising
🔴 Cloud Run Security design overview
This article outlines the security features provided by Cloud Run, including automatic TLS encryption, secure communication between services, and integration with Cloud IAM for access control.
https://cloud.google.com/run/docs/securing/security
#gcp
🔶 An AWS IAM Wishlist
A wishlist of AWS IAM feature requests: IAM Authorization Debugging, Mapping of API Calls/IAM Permissions/CloudTrail Events, SCP Audit Mode, SCP for Resources, and API Request Parameters as Condition Keys.
https://www.zeuscloud.io/post/an-aws-iam-wishlist
#aws
🔶🔷 Manage multiple Terraform projects in monorepo
A look at one possible way to organize and manage a monorepo setup, which will contain multiple projects and Terraform modules, with deployments spanning across multiple targets such as AWS accounts or Azure subscriptions.
https://janik6n.net/posts/manage-multiple-terraform-projects-in-monorepo
#aws #azure
🔴 Google I/O 2023: Making AI more helpful for everyone
A summary of what Google announced at Google I/O 2023.
https://blog.google/technology/ai/google-io-2023-keynote-sundar-pichai
#gcp
🔶 Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS
This post provides a deep dive into how Amazon EKS IAM works, and several attack vectors to pivot from an EKS cluster to an AWS environment.
https://securitylabs.datadoghq.com/articles/amazon-eks-attacking-securing-cloud-identities
#aws