🔴 Configuring Workload Identity Federation for GitHub actions and Terraform Cloud
Workload Identity Federation can be integrated with external providers, such as Gitlab, GitHub actions and Terraform Cloud.
https://cloud.google.com/blog/products/identity-security/secure-your-use-of-third-party-tools-with-identity-federation
#gcp
Workload Identity Federation can be integrated with external providers, such as Gitlab, GitHub actions and Terraform Cloud.
https://cloud.google.com/blog/products/identity-security/secure-your-use-of-third-party-tools-with-identity-federation
#gcp
👍2❤1🔥1
🔷 Public preview: Sensitive Data Protection for Application Gateway Web Application Firewall logs
Protect the sensitive data getting stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.
https://azure.microsoft.com/en-us/updates/public-preview-sensitive-data-protection-for-application-gateway-web-application-firewall-logs
#azure
Protect the sensitive data getting stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.
https://azure.microsoft.com/en-us/updates/public-preview-sensitive-data-protection-for-application-gateway-web-application-firewall-logs
#azure
❤2👍2🔥1
🔷 Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
Microsoft has mitigated an attack by a China-based threat actor Microsoft tracks as Storm-0558 which targeted customer emails. Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access.
https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
#azure
Microsoft has mitigated an attack by a China-based threat actor Microsoft tracks as Storm-0558 which targeted customer emails. Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access.
https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
#azure
❤2👍2🔥1
🔶 Refining IAM Permissions Like A Pro
How to detect unused IAM permissions and update them to move safely toward a least privilege environment.
https://catalog.workshops.aws/refining-iam-permissions-like-a-pro/en-US
#aws
How to detect unused IAM permissions and update them to move safely toward a least privilege environment.
https://catalog.workshops.aws/refining-iam-permissions-like-a-pro/en-US
#aws
👍3❤1🔥1
🔶 IAMActionHunter
An IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS IAM.
https://github.com/RhinoSecurityLabs/IAMActionHunter
#aws
An IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS IAM.
https://github.com/RhinoSecurityLabs/IAMActionHunter
#aws
👍4❤1🔥1
🔷 Azure AD is Becoming Microsoft Entra ID
Microsoft is rebranding Azure AD to Microsoft Entra ID.
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436
#azure
Microsoft is rebranding Azure AD to Microsoft Entra ID.
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436
#azure
👍2🔥1👏1
🔶 How to Monitor AWS IAM Root Users at Scale: Best Practices
CloudYali provides insights into best practices and effective strategies for managing IAM users at scale. The article delves into IAM user monitoring, emphasising the importance of the root user, and highlighting essential IAM security practices. It also covers automation of IAM Credential Report generation at scale, streamlining the collection of IAM user information and facilitating more efficient monitoring and management for cloud teams.
https://www.cloudyali.io/blogs/how-to-monitor-aws-iam-root-users-at-scale-best-practices?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-191-badzure-detection-response-pipelines-18k-subscribers
#aws
CloudYali provides insights into best practices and effective strategies for managing IAM users at scale. The article delves into IAM user monitoring, emphasising the importance of the root user, and highlighting essential IAM security practices. It also covers automation of IAM Credential Report generation at scale, streamlining the collection of IAM user information and facilitating more efficient monitoring and management for cloud teams.
https://www.cloudyali.io/blogs/how-to-monitor-aws-iam-root-users-at-scale-best-practices?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-191-badzure-detection-response-pipelines-18k-subscribers
#aws
👍2🔥1👏1
🔴 Bad.Build: PE & RCE Vulnerabilities in Google Cloud Build
The Orca Research Pod discovered Bad.Build, a vulnerability in the Google Cloud Build service that enables attackers to escalate privileges and gain unauthorized access to code repositories and images in Artifact Registry.
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/
#gcp
The Orca Research Pod discovered Bad.Build, a vulnerability in the Google Cloud Build service that enables attackers to escalate privileges and gain unauthorized access to code repositories and images in Artifact Registry.
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/
#gcp
👍3👎1🔥1👏1
🔶 Abusing Amazon VPC CNI plugin for Kubernetes
The article discusses a security vulnerability in the Amazon VPC CNI plugin, used by Amazon EKS. The flaw allows an attacker to move laterally to other VPCs in the AWS account.
https://www.elttam.com/blog/amazon-vpc-cni/
#aws
The article discusses a security vulnerability in the Amazon VPC CNI plugin, used by Amazon EKS. The flaw allows an attacker to move laterally to other VPCs in the AWS account.
https://www.elttam.com/blog/amazon-vpc-cni/
#aws
👍2❤1🔥1
🔶 Orca Security's journey to a petabyte-scale data lake with Apache Iceberg and AWS Analytics
Orca Security shares their experience in building a petabyte-scale data lake using Apache Iceberg and AWS services.
https://aws.amazon.com/ru/blogs/big-data/orca-securitys-journey-to-a-petabyte-scale-data-lake-with-apache-iceberg-and-aws-analytics/
#aws
Orca Security shares their experience in building a petabyte-scale data lake using Apache Iceberg and AWS services.
https://aws.amazon.com/ru/blogs/big-data/orca-securitys-journey-to-a-petabyte-scale-data-lake-with-apache-iceberg-and-aws-analytics/
#aws
👍3🔥1👏1
🔶 How to get rid of AWS access keys - Part 3: Replacing the authentication
Post discussing alternative solutions to using access keys.
https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-3
#aws
Post discussing alternative solutions to using access keys.
https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-3
#aws
👍3❤1🔥1
🔶 Refuting AWS Chain Attack - Digging Deeper into EKS Zero Day claims
An analysis of the findings published by a security researcher last month, claiming to have uncovered zero days in thousands of EKS cluster.
https://kloudle.com/blog/refuting-aws-chain-attack-digging-deeper-into-eks-zero-days-claim/
#aws
An analysis of the findings published by a security researcher last month, claiming to have uncovered zero days in thousands of EKS cluster.
https://kloudle.com/blog/refuting-aws-chain-attack-digging-deeper-into-eks-zero-days-claim/
#aws
👍2🔥2👏1
🔶 No keys attached: Exploring GitHub-to-AWS keyless authentication flaws
While popular, GitHub-to-AWS keyless authentication mechanisms can be insecurely configured.
https://securitylabs.datadoghq.com/articles/exploring-github-to-aws-keyless-authentication-flaws/
#aws
While popular, GitHub-to-AWS keyless authentication mechanisms can be insecurely configured.
https://securitylabs.datadoghq.com/articles/exploring-github-to-aws-keyless-authentication-flaws/
#aws
👍2🔥2👏1
🔶 Swiping right on the AWS WAF CAPTCHA challenge
Post walking through a methodology for beating the AWS WAF CAPTCHA challenges programmatically.
https://onecloudplease.com/blog/swiping-right-on-the-aws-waf-captcha-challenge
#aws
Post walking through a methodology for beating the AWS WAF CAPTCHA challenges programmatically.
https://onecloudplease.com/blog/swiping-right-on-the-aws-waf-captcha-challenge
#aws
👍2🔥2👏1
🔶🔷🔴 Hijacking Cloud CI/CD Systems for Fun and Profit
This research details a new technique that can be used by threat actors for supply chain attacks on open-source repositories using GCP, Azure and AWS.
https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit
#aws #azure #gcp
This research details a new technique that can be used by threat actors for supply chain attacks on open-source repositories using GCP, Azure and AWS.
https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit
#aws #azure #gcp
🔥3❤1👍1👏1
🔶AWS Networking Concepts
A mind map to link together all the different networking-related concepts from AWS.
https://miparnisariblog.wordpress.com/2023/03/29/aws-networking-concepts/
#aws
A mind map to link together all the different networking-related concepts from AWS.
https://miparnisariblog.wordpress.com/2023/03/29/aws-networking-concepts/
#aws
👍4🔥2👏1
🔶 Automated First-Response in AWS using Sigma and Athena
Can Sigma rules provide first-response capabilities in a post-compromised AWS environment?
https://invictus-ir.medium.com/automated-first-response-in-aws-using-sigma-and-athena-615940bedc56
(Use VPN to open from Russia)
#aws
Can Sigma rules provide first-response capabilities in a post-compromised AWS environment?
https://invictus-ir.medium.com/automated-first-response-in-aws-using-sigma-and-athena-615940bedc56
(Use VPN to open from Russia)
#aws
👍4🔥3👏1
🔷 Microsoft Entra Workload ID - Introduction and Delegated Permissions
Post providing an overview about some aspects and features which are important in delegating management of Workload ID in Microsoft Entra: Who can see and create apps? Why you should avoid assigning owners to service principals or application objects?
https://www.cloud-architekt.net/entra-workload-id-introduction-and-delegation
#azure
Post providing an overview about some aspects and features which are important in delegating management of Workload ID in Microsoft Entra: Who can see and create apps? Why you should avoid assigning owners to service principals or application objects?
https://www.cloud-architekt.net/entra-workload-id-introduction-and-delegation
#azure
👍4🔥1😱1
🔶 More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
This blog lays out a new potential post-exploitation technique: Abusing AWS Systems Manager (SSM) agent so that it functions as a Remote Access Trojan (RAT) on both Linux and Windows machines, while using an attacker AWS account as a Command and Control (C&C).
https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan
#aws
This blog lays out a new potential post-exploitation technique: Abusing AWS Systems Manager (SSM) agent so that it functions as a Remote Access Trojan (RAT) on both Linux and Windows machines, while using an attacker AWS account as a Command and Control (C&C).
https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan
#aws
👍3🔥2👏1
🔴 Signing URLs in GCP: Convenience vs. Security
Why the "iam.serviceAccounts.signBlob" permission can cause trouble in your GCP environment.
https://lsgeurope.com/post/signing-urls-in-gcp-convenience-vs-security
#gcp
Why the "iam.serviceAccounts.signBlob" permission can cause trouble in your GCP environment.
https://lsgeurope.com/post/signing-urls-in-gcp-convenience-vs-security
#gcp
👍3🔥1👏1
🔶 Perform continuous vulnerability scanning of AWS Lambda functions with Amazon Inspector
Activate Amazon Inspector within one or more AWS accounts, and be notified when a vulnerability is detected in an AWS Lambda function.
https://aws.amazon.com/ru/blogs/security/perform-continuous-vulnerability-scanning-of-aws-lambda-functions-with-amazon-inspector/
#aws
Activate Amazon Inspector within one or more AWS accounts, and be notified when a vulnerability is detected in an AWS Lambda function.
https://aws.amazon.com/ru/blogs/security/perform-continuous-vulnerability-scanning-of-aws-lambda-functions-with-amazon-inspector/
#aws
👍4🔥2❤1