🔶 Perform continuous vulnerability scanning of AWS Lambda functions with Amazon Inspector
Activate Amazon Inspector within one or more AWS accounts, and be notified when a vulnerability is detected in an AWS Lambda function.
https://aws.amazon.com/ru/blogs/security/perform-continuous-vulnerability-scanning-of-aws-lambda-functions-with-amazon-inspector/
#aws
Activate Amazon Inspector within one or more AWS accounts, and be notified when a vulnerability is detected in an AWS Lambda function.
https://aws.amazon.com/ru/blogs/security/perform-continuous-vulnerability-scanning-of-aws-lambda-functions-with-amazon-inspector/
#aws
👍4🔥2❤1
🔶 Configure fine-grained access to your resources shared using AWS Resource Access Manager
You can use AWS Resource Access Manager (AWS RAM) to securely, simply, and consistently share supported resource types within your organization or organizational units (OUs) and across AWS accounts.
https://aws.amazon.com/ru/blogs/security/configure-fine-grained-access-to-your-resources-shared-using-aws-resource-access-manager/
#aws
You can use AWS Resource Access Manager (AWS RAM) to securely, simply, and consistently share supported resource types within your organization or organizational units (OUs) and across AWS accounts.
https://aws.amazon.com/ru/blogs/security/configure-fine-grained-access-to-your-resources-shared-using-aws-resource-access-manager/
#aws
👍3❤1🔥1
🔷 Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform
A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets).
https://www.tenable.com/security/research/tra-2023-25
(Use VPN to open from Russia)
#azure
A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets).
https://www.tenable.com/security/research/tra-2023-25
(Use VPN to open from Russia)
#azure
❤1👍1🔥1
🔷 Knocking on the Front Door (client side desync attack on Azure CDN)
A write-up on a Browser-Powered Desync bug discovered in the Azure CDN service known as Front Door.
https://blog.jeti.pw/posts/knocking-on-the-front-door
#azure
A write-up on a Browser-Powered Desync bug discovered in the Azure CDN service known as Front Door.
https://blog.jeti.pw/posts/knocking-on-the-front-door
#azure
👍1🔥1👏1
🔶 Hacking Github AWS integrations again
Another post looking at the perils of unproperly scoping access provided by OIDC.
https://dagrz.com/writing/aws-security/hacking-github-aws-oidc
#aws
Another post looking at the perils of unproperly scoping access provided by OIDC.
https://dagrz.com/writing/aws-security/hacking-github-aws-oidc
#aws
🔥2❤1👍1
🔶 AWS Security Monitoring in 2023: Untangle the chaos
This post provides recommendations for implementing an effective security monitoring strategy in AWS.
https://marbot.io/blog/2023-08-04-aws-security-monitoring-in-2023.html
#aws
This post provides recommendations for implementing an effective security monitoring strategy in AWS.
https://marbot.io/blog/2023-08-04-aws-security-monitoring-in-2023.html
#aws
👍4🔥1😱1
🔶 SSRF Tricks - Thread
Some tricks «rhynorater» picked up over the past 5 years of web app testing.
https://x.com/rhynorater/status/1689400476452679682?s=52&t=J3j_Bp59pI4rfliKITPeZQ
(Use VPN to open from Russia)
#aws
Some tricks «rhynorater» picked up over the past 5 years of web app testing.
https://x.com/rhynorater/status/1689400476452679682?s=52&t=J3j_Bp59pI4rfliKITPeZQ
(Use VPN to open from Russia)
#aws
👍4❤1🔥1😱1
🔷 An Azure Tale of VPN, Conditional Access and MFA Bypass
A walkthrough review of the implementation of an on-prem VPN server that used Azure AD as the idP and enforced MFA via conditional access policies.
https://simondotsh.com/infosec/2023/08/15/azure-tale-vpn-ca-mfa-bypass.html
#azure
A walkthrough review of the implementation of an on-prem VPN server that used Azure AD as the idP and enforced MFA via conditional access policies.
https://simondotsh.com/infosec/2023/08/15/azure-tale-vpn-ca-mfa-bypass.html
#azure
👍3🔥1👏1
🔶 When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability
Threat actors used SugarCRM's zero-day CVE-2023-22952 and cloud account misconfigurations to access credentials.
https://unit42.paloaltonetworks.com/sugarcrm-cloud-incident-black-hat
#aws
Threat actors used SugarCRM's zero-day CVE-2023-22952 and cloud account misconfigurations to access credentials.
https://unit42.paloaltonetworks.com/sugarcrm-cloud-incident-black-hat
#aws
👍5❤1🔥1
🔶 Identifying & Reducing Permission Explosion in AWS
The slides of a BlackHat 2023 talk that discusses how to identify, fix, and prevent permission explosion in your AWS environment.
https://i.blackhat.com/BH-US-23/Presentations/US-23-Moolrajani-Reducing-AWS-Permission-Explosion.pdf
#aws
The slides of a BlackHat 2023 talk that discusses how to identify, fix, and prevent permission explosion in your AWS environment.
https://i.blackhat.com/BH-US-23/Presentations/US-23-Moolrajani-Reducing-AWS-Permission-Explosion.pdf
#aws
👍4🔥2👏1
🔶 How to setup geofencing and IP allow-list for Cognito user pool
AWS recently announced that is now possible to enable WAF protection for Cognito user pools. And one of the things you can do with this is to implement geo-fencing and IP allow/deny lists.
https://theburningmonk.com/2022/08/how-to-setup-geofencing-and-ip-allow-list-for-cognito-user-pool/
#aws
AWS recently announced that is now possible to enable WAF protection for Cognito user pools. And one of the things you can do with this is to implement geo-fencing and IP allow/deny lists.
https://theburningmonk.com/2022/08/how-to-setup-geofencing-and-ip-allow-list-for-cognito-user-pool/
#aws
👍3🔥2😱1
🔶 Terraform best practices for reliability at any scale
At scale, many Terraform state files are better than one. But how do you draw the boundaries and decide which resources belong in which state files? What are the best practices for organizing Terraform state files to maximize reliability, minimize the blast-radius of changes, and align with the design of cloud providers?
https://substrate.tools/blog/terraform-best-practices-for-reliability-at-any-scale
#aws
At scale, many Terraform state files are better than one. But how do you draw the boundaries and decide which resources belong in which state files? What are the best practices for organizing Terraform state files to maximize reliability, minimize the blast-radius of changes, and align with the design of cloud providers?
https://substrate.tools/blog/terraform-best-practices-for-reliability-at-any-scale
#aws
👍3👎1🔥1😱1
🔶 Methods to Backdoor an AWS Account
Post exploring some methods that an adversary can use to create backdoors in your AWS account: access keys, AssumeRole, changing Security Groups, UserData noscripts, and SSM Send-Command.
https://mystic0x1.github.io/posts/methods-to-backdoor-an-aws-account/
#aws
Post exploring some methods that an adversary can use to create backdoors in your AWS account: access keys, AssumeRole, changing Security Groups, UserData noscripts, and SSM Send-Command.
https://mystic0x1.github.io/posts/methods-to-backdoor-an-aws-account/
#aws
👍6🔥1👏1
🔶 Pivoting Clouds in AWS Organizations: Examining AWS Security Features and Tools for Enumeration
The architecture and considerable number of enabled/delegated service possibilities in AWS Organizations presents a serious vector for lateral movement within corporate environments. This could easily turn a single AWS account takeover into a multiple account takeover.
https://www.netspi.com/blog/technical/cloud-penetration-testing/pivoting-clouds-aws-organizations-part-2/
#aws
The architecture and considerable number of enabled/delegated service possibilities in AWS Organizations presents a serious vector for lateral movement within corporate environments. This could easily turn a single AWS account takeover into a multiple account takeover.
https://www.netspi.com/blog/technical/cloud-penetration-testing/pivoting-clouds-aws-organizations-part-2/
#aws
👍3🔥1👏1
🔶 Risk in AWS SSM Port Forwarding
A surprising AWS Systems Manager Session Manager (SSM) default that can introduce risk, especially for customers using SSM's Port Forwarding features.
https://ramimac.me/ssm-iam
#aws
A surprising AWS Systems Manager Session Manager (SSM) default that can introduce risk, especially for customers using SSM's Port Forwarding features.
https://ramimac.me/ssm-iam
#aws
👍4🔥1👏1
🔶 Shipping RDS IAM Authentication (with a bastion host & SSM)
A basic guide to getting RDS IAM Authentication set up when you're using a Private Endpoint.
https://ramimac.me/rds-iam-auth
#aws
A basic guide to getting RDS IAM Authentication set up when you're using a Private Endpoint.
https://ramimac.me/rds-iam-auth
#aws
👍3🔥1😱1
🔷 New zero trust and digital sovereignty controls in Workspace, powered by AI
Google announced new zero trust, digital sovereignty, and threat defense controls powered by Google AI to help organizations keep their data safe.
https://workspace.google.com/blog/identity-and-security/accelerating-zero-trust-and-digital-sovereignty-ai
#azure
Google announced new zero trust, digital sovereignty, and threat defense controls powered by Google AI to help organizations keep their data safe.
https://workspace.google.com/blog/identity-and-security/accelerating-zero-trust-and-digital-sovereignty-ai
#azure
👍4🔥1👏1
🔷 How to Detect When an Azure Guest User Account Is Being Exploited
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. However, this could prove to be a costly mistake.
https://orca.security/resources/blog/detect-guest-user-account-exploited
#azure
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. However, this could prove to be a costly mistake.
https://orca.security/resources/blog/detect-guest-user-account-exploited
#azure
👍2❤1🔥1
🔴 Grafana security update: GPG signing key rotation
Grafana signing keys have been exposed. Be sure to update their trusted certificate if you are a Grafana user.
https://grafana.com/blog/2023/08/24/grafana-security-update-gpg-signing-key-rotation/
#gcp
Grafana signing keys have been exposed. Be sure to update their trusted certificate if you are a Grafana user.
https://grafana.com/blog/2023/08/24/grafana-security-update-gpg-signing-key-rotation/
#gcp
👍3🔥1😱1
🔶 Authorizing cross-account KMS access with aliases
KMS aliases are a great way to make KMS keys more convenient. But permitting one account to use an KMS key in another account through a KMS alias can be difficult. This article explains why, and how to solve the problem correctly.
https://lucvandonkersgoed.com/2023/08/25/authorizing-cross-account-kms-access-with-aliases
#aws
KMS aliases are a great way to make KMS keys more convenient. But permitting one account to use an KMS key in another account through a KMS alias can be difficult. This article explains why, and how to solve the problem correctly.
https://lucvandonkersgoed.com/2023/08/25/authorizing-cross-account-kms-access-with-aliases
#aws
👍3🔥1😱1
🔷 5 Tips to prevent or limit the impact of an incident in Azure
Five low-cost and easy to implement measures with high-impact to prevent or limit the impact of an incident in Azure: setup budget quotas, restrict app registration, prevent subnoscriptions from entering your tenant, ingest audit logging, and limit external collaboration.
https://invictus-ir.medium.com/5-tips-to-prevent-or-limit-the-impact-of-an-incident-in-azure-e9f664fe0100
(Use VPN to open from Russia)
#azure
Five low-cost and easy to implement measures with high-impact to prevent or limit the impact of an incident in Azure: setup budget quotas, restrict app registration, prevent subnoscriptions from entering your tenant, ingest audit logging, and limit external collaboration.
https://invictus-ir.medium.com/5-tips-to-prevent-or-limit-the-impact-of-an-incident-in-azure-e9f664fe0100
(Use VPN to open from Russia)
#azure
👍3❤1🔥1