🔶 AWS CloudTrail cheat sheet
An attempt to document CloudTrail events that are "interesting" for incident responders or detection engineers.
https://invictus-ir.medium.com/aws-cloudtrail-cheat-sheet-dcf2b92e37e2
(use VPN to open from Russia)
#aws
An attempt to document CloudTrail events that are "interesting" for incident responders or detection engineers.
https://invictus-ir.medium.com/aws-cloudtrail-cheat-sheet-dcf2b92e37e2
(use VPN to open from Russia)
#aws
👍4🔥1🤔1
🔶 AWS announces Software Bill of Materials export capability in Amazon Inspector
Amazon Inspector now offers the ability to export a consolidated Software Bill of Materials (SBOMs) for all Amazon Inspector monitored resources across your organization in industry standard formats, including CycloneDx and SPDX.
https://aws.amazon.com/ru/about-aws/whats-new/2023/06/software-bill-materials-export-capability-amazon-inspector
#aws
Amazon Inspector now offers the ability to export a consolidated Software Bill of Materials (SBOMs) for all Amazon Inspector monitored resources across your organization in industry standard formats, including CycloneDx and SPDX.
https://aws.amazon.com/ru/about-aws/whats-new/2023/06/software-bill-materials-export-capability-amazon-inspector
#aws
🔥3👍2❤1
🔶 AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice
While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass.
https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to-sql-injection-due-to-unorthodox-mssql-design-choice
#aws
While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass.
https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to-sql-injection-due-to-unorthodox-mssql-design-choice
#aws
👍3❤2🔥1
🔶 How to get rid of AWS access keys - Part 2: Reducing Privileges
How to reduce the privileges of AWS access keys in order to mitigate their risk.
https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-2
#aws
How to reduce the privileges of AWS access keys in order to mitigate their risk.
https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-2
#aws
👍3🔥3👏1
🔶🔷🔴 8 Terraform continuous validation use cases for AWS, Google Cloud, and Azure
How to use Terraform "check" blocks and continuous validation with AWS, Google Cloud, and Azure services.
https://www.hashicorp.com/blog/8-terraform-continuous-validation-use-cases-for-aws-google-cloud-and-azure
#aws #azure #gcp
How to use Terraform "check" blocks and continuous validation with AWS, Google Cloud, and Azure services.
https://www.hashicorp.com/blog/8-terraform-continuous-validation-use-cases-for-aws-google-cloud-and-azure
#aws #azure #gcp
👍2🔥2❤1
🔶 Leveraging AWS SSO (aka Identity Center) with Google Workspaces
A Better way to configure AWS Identity Center to use Google Workspace/Cloud Identity with SCIM Support.
https://www.primeharbor.com/blog/aws-identity-center-google-v2
#aws
A Better way to configure AWS Identity Center to use Google Workspace/Cloud Identity with SCIM Support.
https://www.primeharbor.com/blog/aws-identity-center-google-v2
#aws
👍4🔥2😱1
🔴 How to migrate sensitive data with confidence using Google Cloud's CDMC-certified architecture
New and existing Google Cloud customers can migrate their sensitive data to the cloud with greater confidence thanks to the newly CDMC-certified architecture.
https://cloud.google.com/blog/products/identity-security/how-to-migrate-sensitive-data-using-google-clouds-cdmc-certified-architecture
#gcp
New and existing Google Cloud customers can migrate their sensitive data to the cloud with greater confidence thanks to the newly CDMC-certified architecture.
https://cloud.google.com/blog/products/identity-security/how-to-migrate-sensitive-data-using-google-clouds-cdmc-certified-architecture
#gcp
👍3🔥2😱1
🔶 Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges
Granting a user the unconstrained permission to update Lambda function code in an AWS account can have unexpected, possibly severe, consequences under certain conditions that might not be obvious on first pass.
https://ermetic.com/blog/aws/sometimes-what-sounds-benign-can-bite-you-an-unexpected-implication-of-lambda-privileges
#aws
Granting a user the unconstrained permission to update Lambda function code in an AWS account can have unexpected, possibly severe, consequences under certain conditions that might not be obvious on first pass.
https://ermetic.com/blog/aws/sometimes-what-sounds-benign-can-bite-you-an-unexpected-implication-of-lambda-privileges
#aws
🔥3❤1👍1
🔶 Cedar: Avoiding the cracks
More and more engineers are considering integrating Cedar into their own systems for authorization, but what do policy authors need to consider to avoid unexpected outcomes?
https://onecloudplease.com/blog/cedar-avoiding-the-cracks
#aws
More and more engineers are considering integrating Cedar into their own systems for authorization, but what do policy authors need to consider to avoid unexpected outcomes?
https://onecloudplease.com/blog/cedar-avoiding-the-cracks
#aws
🔥2❤1👍1
🔶 What's New in AWS Certified Security Specialty SCS-C02 Exam in 2023?
The AWS Security Specialty Exam (SCS-C01) got a makeover and will be retiring next week. The new and improved SCS-C01, updated with new content and an added domain is now available.
https://twitter.com/4n6lady/status/1675636987133321217?s=46&t=J3j_Bp59pI4rfliKITPeZQ
(Use VPN to open from Russia)
#aws
The AWS Security Specialty Exam (SCS-C01) got a makeover and will be retiring next week. The new and improved SCS-C01, updated with new content and an added domain is now available.
https://twitter.com/4n6lady/status/1675636987133321217?s=46&t=J3j_Bp59pI4rfliKITPeZQ
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔴 Configuring Workload Identity Federation for GitHub actions and Terraform Cloud
Workload Identity Federation can be integrated with external providers, such as Gitlab, GitHub actions and Terraform Cloud.
https://cloud.google.com/blog/products/identity-security/secure-your-use-of-third-party-tools-with-identity-federation
#gcp
Workload Identity Federation can be integrated with external providers, such as Gitlab, GitHub actions and Terraform Cloud.
https://cloud.google.com/blog/products/identity-security/secure-your-use-of-third-party-tools-with-identity-federation
#gcp
👍2❤1🔥1
🔷 Public preview: Sensitive Data Protection for Application Gateway Web Application Firewall logs
Protect the sensitive data getting stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.
https://azure.microsoft.com/en-us/updates/public-preview-sensitive-data-protection-for-application-gateway-web-application-firewall-logs
#azure
Protect the sensitive data getting stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.
https://azure.microsoft.com/en-us/updates/public-preview-sensitive-data-protection-for-application-gateway-web-application-firewall-logs
#azure
❤2👍2🔥1
🔷 Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
Microsoft has mitigated an attack by a China-based threat actor Microsoft tracks as Storm-0558 which targeted customer emails. Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access.
https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
#azure
Microsoft has mitigated an attack by a China-based threat actor Microsoft tracks as Storm-0558 which targeted customer emails. Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access.
https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
#azure
❤2👍2🔥1
🔶 Refining IAM Permissions Like A Pro
How to detect unused IAM permissions and update them to move safely toward a least privilege environment.
https://catalog.workshops.aws/refining-iam-permissions-like-a-pro/en-US
#aws
How to detect unused IAM permissions and update them to move safely toward a least privilege environment.
https://catalog.workshops.aws/refining-iam-permissions-like-a-pro/en-US
#aws
👍3❤1🔥1
🔶 IAMActionHunter
An IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS IAM.
https://github.com/RhinoSecurityLabs/IAMActionHunter
#aws
An IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS IAM.
https://github.com/RhinoSecurityLabs/IAMActionHunter
#aws
👍4❤1🔥1
🔷 Azure AD is Becoming Microsoft Entra ID
Microsoft is rebranding Azure AD to Microsoft Entra ID.
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436
#azure
Microsoft is rebranding Azure AD to Microsoft Entra ID.
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436
#azure
👍2🔥1👏1
🔶 How to Monitor AWS IAM Root Users at Scale: Best Practices
CloudYali provides insights into best practices and effective strategies for managing IAM users at scale. The article delves into IAM user monitoring, emphasising the importance of the root user, and highlighting essential IAM security practices. It also covers automation of IAM Credential Report generation at scale, streamlining the collection of IAM user information and facilitating more efficient monitoring and management for cloud teams.
https://www.cloudyali.io/blogs/how-to-monitor-aws-iam-root-users-at-scale-best-practices?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-191-badzure-detection-response-pipelines-18k-subscribers
#aws
CloudYali provides insights into best practices and effective strategies for managing IAM users at scale. The article delves into IAM user monitoring, emphasising the importance of the root user, and highlighting essential IAM security practices. It also covers automation of IAM Credential Report generation at scale, streamlining the collection of IAM user information and facilitating more efficient monitoring and management for cloud teams.
https://www.cloudyali.io/blogs/how-to-monitor-aws-iam-root-users-at-scale-best-practices?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-191-badzure-detection-response-pipelines-18k-subscribers
#aws
👍2🔥1👏1
🔴 Bad.Build: PE & RCE Vulnerabilities in Google Cloud Build
The Orca Research Pod discovered Bad.Build, a vulnerability in the Google Cloud Build service that enables attackers to escalate privileges and gain unauthorized access to code repositories and images in Artifact Registry.
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/
#gcp
The Orca Research Pod discovered Bad.Build, a vulnerability in the Google Cloud Build service that enables attackers to escalate privileges and gain unauthorized access to code repositories and images in Artifact Registry.
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/
#gcp
👍3👎1🔥1👏1
🔶 Abusing Amazon VPC CNI plugin for Kubernetes
The article discusses a security vulnerability in the Amazon VPC CNI plugin, used by Amazon EKS. The flaw allows an attacker to move laterally to other VPCs in the AWS account.
https://www.elttam.com/blog/amazon-vpc-cni/
#aws
The article discusses a security vulnerability in the Amazon VPC CNI plugin, used by Amazon EKS. The flaw allows an attacker to move laterally to other VPCs in the AWS account.
https://www.elttam.com/blog/amazon-vpc-cni/
#aws
👍2❤1🔥1
🔶 Orca Security's journey to a petabyte-scale data lake with Apache Iceberg and AWS Analytics
Orca Security shares their experience in building a petabyte-scale data lake using Apache Iceberg and AWS services.
https://aws.amazon.com/ru/blogs/big-data/orca-securitys-journey-to-a-petabyte-scale-data-lake-with-apache-iceberg-and-aws-analytics/
#aws
Orca Security shares their experience in building a petabyte-scale data lake using Apache Iceberg and AWS services.
https://aws.amazon.com/ru/blogs/big-data/orca-securitys-journey-to-a-petabyte-scale-data-lake-with-apache-iceberg-and-aws-analytics/
#aws
👍3🔥1👏1
🔶 How to get rid of AWS access keys - Part 3: Replacing the authentication
Post discussing alternative solutions to using access keys.
https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-3
#aws
Post discussing alternative solutions to using access keys.
https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-3
#aws
👍3❤1🔥1