CloudSec Wine – Telegram
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔶 Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

This article describes the attack lifecycle and detection opportunities for a cloud-focused, financially motivated threat actor.

https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor

#aws
🔷 Tampering with Conditional Access Policies Using Azure AD Graph API

Modifications made using AADGraph are not properly logged, endangering integrity and non-repudiation of Azure AD policies.

https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api

#azure
🔶 Is Cloud Forensics just Log Analysis? Kind Of.

The article discusses the differences between traditional forensics and cloud forensics, highlighting the importance of understanding cloud-specific artifacts and logs.

https://www.cadosecurity.com/is-cloud-forensics-just-log-analysis-kind-of

#aws
🔶 AWS Lambda Function: IAM User Password Expiry Notice

Walk through the necessary steps to set up an AWS Lambda function to email notifications to IAM Users when their AWS Web Console passwords are expiring.

https://blog.jennasrunbooks.com/aws-lambda-function-iam-user-password-expiry-notice-ses-boto3-terraform

#aws
🔴 Google Trust Services ACME API available to all users at no cost

The Google Trust Services ACME endpoint is now generally available, allowing anyone to get TLS certificates for their websites for free.

https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html

#gcp
🔶 Misconfiguration Spotlight: Securing the EC2 Instance Metadata Service

A look at how the EC2 Instance Metadata Service can be taken advantage of.

https://securitylabs.datadoghq.com/articles/misconfiguration-spotlight-imds

#aws
🔶 How to get rid of AWS access keys - Part 1: The easy wins

Learn how to identify unused and unnecessary long-lived IAM User access keys.

https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-1-the-easy-wins

#aws
🔶 How to choose the right API Gateway auth method

API Gateway supports quite a few authentication and authorization methods, plus, you can always authenticate users inside your endpoint. So, the big question is, how do you choose the right one for your API?

https://theburningmonk.com/2020/06/how-to-choose-the-right-api-gateway-auth-method

#aws
🔶 Detect Anomalies In Our AWS Infrastructure

Low-maintenance Cloud-Based Anomaly Detection System with Bytewax, Redpanda, and AWS.

https://bytewax.io/blog/aws-anomaly-detection

#aws
🔷 OneDrive to Enum Them All

TrustedSec researchers have discovered a OneDrive enumeration vulnerability that could allow an attacker to discover the email addresses of OneDrive users. You can also refer to the companion tool.

https://www.trustedsec.com/blog/onedrive-to-enum-them-all

#azure
🔶 7 lesser-known AWS SSM Document techniques for code execution

A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances.

https://securitycafe.ro/2023/04/19/7-lesser-known-aws-ssm-document-techniques-for-code-execution

#aws
🔶 We reported a security issue in AWS CDK's eks.Cluster component

Two sleuthing SREs uncovered an AWS security issue. Here's how they found it, why it matters, and what you need to do to resolve it.

https://garden.io/blog/aws-security-issue

#aws
🔶 Scaling Authorization with Cedar and OPAL

A practical tutorial to build a comprehensive Cedar-based application authorization system.

https://www.permit.io/blog/scaling-authorization-with-cedar-and-opal

#aws
🔶 Implementing machine-to-machine authentication for services behind an AWS ALB with OIDC

A high-level look at the possibilities for enforcing machine-to-machine (m2m) authentication using OIDC (OpenID Connect) when utilizing an AWS ALB.

https://medium.com/@hettiarachchi.yashodha/enforcing-machine-to-machine-authentication-for-services-behind-an-aws-alb-part-2-e06707e6f366

(use VPN to open from Russia)

#aws
🔶 Messing Around With AWS Batch For Privilege Escalations

How to achieve privilege escalation via misconfigured AWS Batch.

https://blog.doyensec.com/2023/06/13/messing-around-with-aws-batch-for-privilege-escalations.html

#aws
🔶 AWS API Gateway header smuggling and cache confusion

Post diving into two potential security issues identified in AWS API Gateway authorizers.

https://securityblog.omegapoint.se/en/writeup-apigw

#aws
🔶 Spotted: How we discovered Privilege Escalation, missing CloudTrail data and a race condition in AWS Directory Service

A set of bugs in AWS Directory Service. One of them could be used for privilege escalation by an authenticated user with sufficient permissions.

https://cloudar.be/awsblog/spotted-privilege-escalation-in-aws-directory-service

#aws
🔶 AWS Pentest Methodology

A high-level methodology of how one could conduct a penetration test inside the AWS platform.

https://medium.com/@MorattiSec/my-aws-pentest-methodology-14c333b7fb58

(use VPN to open from Russia)

#aws
🔶 Really cool illustration demonstrating some AWS services

🌍 Amazon CloudFront
🌐 Amazon Route 53
💻 Amazon EC2
⚖️ Amazon Autoscaling
🪪 Amazon Certificate Manager
🪣 Amazon Backup service
🗄️ Amazon RDS
☁️ Amazon VPC
🔐 Amazon WAF
👁️ Amazon CloudWatch

https://www.linkedin.com/posts/nelsonamigoscode_aws-devops-awsdevops-activity-7076823493127884800-AN5_?utm_source=share&utm_medium=member_ios

(use VPN to open from Russia)

#aws
🔴 Analyzing Volatile Memory on a Google Kubernetes Engine Node

Post explaining in detail how memory analysis works and how it can be used on any GKE node in production today.

https://engineering.atspotify.com/2023/06/analyzing-volatile-memory-on-a-google-kubernetes-engine-node

#gcp
🔶 CloudGoat Vulnerable Lambda Scenario - Part 2 (Response)

As an incident responder, walk through how we can investigate and resolve an ongoing attack targeting CloudGoat's vulnerable Lambda scenario.

https://0xdeadbeefjerky.com/posts/cloudgoat-lambda-walkthrough-part-2

#aws