🔶 AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation
The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they've named AMBERSQUID. This operation leverages AWS services not commonly used by attackers, such as AWS Amplify, AWS Fargate, and Amazon SageMaker.
https://sysdig.com/blog/ambersquid/
(Use VPN to open from Russia)
#aws
The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they've named AMBERSQUID. This operation leverages AWS services not commonly used by attackers, such as AWS Amplify, AWS Fargate, and Amazon SageMaker.
https://sysdig.com/blog/ambersquid/
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔶 Remote analysis on cloud object-storage
The journey of making the volatility3 framework compatible with S3 object-storage to perform memory analysis over the network.
https://www.forensicxlab.com/posts/vols3/
#aws
The journey of making the volatility3 framework compatible with S3 object-storage to perform memory analysis over the network.
https://www.forensicxlab.com/posts/vols3/
#aws
👍4❤1🔥1
🔶 Enable external pipeline deployments to AWS Cloud by using IAM Roles Anywhere
Post walking through the steps on how to obtain AWS temporary credentials for your external CI/CD pipelines by using IAM Roles Anywhere and an on-premises hosted server running Azure DevOps Services.
https://aws.amazon.com/ru/blogs/security/enable-external-pipeline-deployments-to-aws-cloud-by-using-iam-roles-anywhere/
#aws
Post walking through the steps on how to obtain AWS temporary credentials for your external CI/CD pipelines by using IAM Roles Anywhere and an on-premises hosted server running Azure DevOps Services.
https://aws.amazon.com/ru/blogs/security/enable-external-pipeline-deployments-to-aws-cloud-by-using-iam-roles-anywhere/
#aws
👍5❤1🔥1
🔶 Automate Lambda code signing with Amazon CodeCatalyst and AWS Signer
How to use Amazon CodeCatalyst with AWS Signer to fully manage the code signing process to ensure the trust and integrity of code assets.
https://aws.amazon.com/ru/blogs/devops/automate-lambda-code-signing-with-amazon-codecatalyst-and-aws-signer/
#aws
How to use Amazon CodeCatalyst with AWS Signer to fully manage the code signing process to ensure the trust and integrity of code assets.
https://aws.amazon.com/ru/blogs/devops/automate-lambda-code-signing-with-amazon-codecatalyst-and-aws-signer/
#aws
👍4🔥1😱1
🔶 Deploy AWS WAF faster with Security Automations
You can now deploy AWS WAF managed rules as part of the Security Automations for AWS WAF solution.
https://aws.amazon.com/ru/blogs/security/deploy-aws-managed-rules-using-security-automations-for-aws-waf/
#aws
You can now deploy AWS WAF managed rules as part of the Security Automations for AWS WAF solution.
https://aws.amazon.com/ru/blogs/security/deploy-aws-managed-rules-using-security-automations-for-aws-waf/
#aws
👍5❤1🔥1😱1
🔶 terraform-aws-api-gateway
Terraform module to create Route53 resource on AWS for create api gateway with its basic elements.
https://github.com/clouddrove/terraform-aws-api-gateway
#aws
Terraform module to create Route53 resource on AWS for create api gateway with its basic elements.
https://github.com/clouddrove/terraform-aws-api-gateway
#aws
👍2❤1🔥1
🔷 Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
Microsoft's analysis of an attempt to steal the cloud identity in a SQL Server instance for lateral movement highlights the importance of securing cloud identities and implementing least privilege practices when deploying cloud-based and on-premises solutions.
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/
#azure
Microsoft's analysis of an attempt to steal the cloud identity in a SQL Server instance for lateral movement highlights the importance of securing cloud identities and implementing least privilege practices when deploying cloud-based and on-premises solutions.
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/
#azure
👍3❤1🔥1
🔶 Introduction to AWS Attribute-Based Access Control
The article provides an introduction to Attribute-Based Access Control (ABAC) in AWS. It explains how ABAC differs from traditional Role-Based Access Control (RBAC) and how to use tags to implement ABAC.
https://research.nccgroup.com/2023/10/02/introduction-to-aws-attribute-based-access-control/
#aws
The article provides an introduction to Attribute-Based Access Control (ABAC) in AWS. It explains how ABAC differs from traditional Role-Based Access Control (RBAC) and how to use tags to implement ABAC.
https://research.nccgroup.com/2023/10/02/introduction-to-aws-attribute-based-access-control/
#aws
👍3🔥2❤1
🔶 5 things you may not know about AWS IAM
SCPs are not inherited like you would expect them to be, resource policies can give permissions by themselves, NotPrincipal evaluation may not do what you expect, a permission can be granted by a combination of statements, KMS grants are like detached resource policy statements.
https://blog.revolve.team/2023/09/21/5-things-about-aws-iam/
#aws
SCPs are not inherited like you would expect them to be, resource policies can give permissions by themselves, NotPrincipal evaluation may not do what you expect, a permission can be granted by a combination of statements, KMS grants are like detached resource policy statements.
https://blog.revolve.team/2023/09/21/5-things-about-aws-iam/
#aws
👍3🔥2❤1
🔶 Security Hub gives me imposter syndrome
Chris Farris' take on AWS Security Hub, what's wrong, what's good, and why it's a dangerous service for smaller companies.
https://www.chrisfarris.com/post/securityhub-2023/
#aws
Chris Farris' take on AWS Security Hub, what's wrong, what's good, and why it's a dangerous service for smaller companies.
https://www.chrisfarris.com/post/securityhub-2023/
#aws
👍3❤1🔥1
🔶 Meeting the FedRAMP FIPS 140-2 requirement on AWS
Some ideas for implementing encryption that uses FIPS modules on AWS.
https://alsmola.medium.com/meeting-the-fedramp-fips-140-2-requirement-on-aws-e9886ba3f66b
(Use VPN to open from Russia)
#aws
Some ideas for implementing encryption that uses FIPS modules on AWS.
https://alsmola.medium.com/meeting-the-fedramp-fips-140-2-requirement-on-aws-e9886ba3f66b
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔶 Following attackers' (Cloud)trail in AWS: Methodology and findings in the wild
Datadog's methodology to proactively identify malicious activity by investigating logs in AWS Cloudtrail.
https://securitylabs.datadoghq.com/articles/following-attackers-trail-in-aws-methodology-findings-in-the-wild/
#aws
Datadog's methodology to proactively identify malicious activity by investigating logs in AWS Cloudtrail.
https://securitylabs.datadoghq.com/articles/following-attackers-trail-in-aws-methodology-findings-in-the-wild/
#aws
👍4🔥2❤1
🔶 Attacking AWS Cognito with Pacu
Common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation.
https://rhinosecuritylabs.com/aws/attacking-aws-cognito-with-pacu-p1/
#aws
Common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation.
https://rhinosecuritylabs.com/aws/attacking-aws-cognito-with-pacu-p1/
#aws
🔥5❤1👍1
🔴 Investigate Service Account Key Origins and Usage with Best Practices
Deep dive on investigating service account key origins and usage, including analyzing authentication patterns, monitoring authentication events, and examining service account impersonation and key usage.
https://p0.dev/blog/service-account-key-origins
#gcp
Deep dive on investigating service account key origins and usage, including analyzing authentication patterns, monitoring authentication events, and examining service account impersonation and key usage.
https://p0.dev/blog/service-account-key-origins
#gcp
👍4❤1🔥1
🔷 Phishing for Primary Refresh Tokens and Windows Hello keys
Post describing new techniques to phish for Primary Refresh Tokens, and in some scenarios also deploy passwordless credentials that comply with even the strictest MFA policies.
https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/
#azure
Post describing new techniques to phish for Primary Refresh Tokens, and in some scenarios also deploy passwordless credentials that comply with even the strictest MFA policies.
https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/
#azure
😱4🔥2👍1
🔶 Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
Throughout September 2023, an attacker executed a targeted campaign via Pypi to draw developers using Alibaba cloud services, AWS, and Telegram to their malicious packages.
https://checkmarx.com/blog/users-of-telegram-aws-and-alibaba-cloud-targeted-in-latest-supply-chain-attack/
#aws
Throughout September 2023, an attacker executed a targeted campaign via Pypi to draw developers using Alibaba cloud services, AWS, and Telegram to their malicious packages.
https://checkmarx.com/blog/users-of-telegram-aws-and-alibaba-cloud-targeted-in-latest-supply-chain-attack/
#aws
🔥5❤1👍1
🔶 What Can Go Wrong When an EC2 Instance is Exposed to SSRF
New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS service from an EC2 instance exposed to SSRF.
https://ermetic.com/blog/cloud/exfiltrated-signed-delivered-what-can-go-wrong-when-an-amazon-elastic-compute-cloud-ec2-instance-is-exposed-to-ssrf/
#aws
New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS service from an EC2 instance exposed to SSRF.
https://ermetic.com/blog/cloud/exfiltrated-signed-delivered-what-can-go-wrong-when-an-amazon-elastic-compute-cloud-ec2-instance-is-exposed-to-ssrf/
#aws
👍3🔥2❤1
🔶 Adopt Open ID Connect (OIDC) in Terraform for secure multi-account CI/CD to AWS
Deploy to AWS with Terraform and GitHub Actions using Open ID Connect (OIDC) and IAM AssumeRoleWithWebIdentity. Say goodbye to IAM users and long-lived credentials.
https://hedrange.com/2023/10/07/adopt-open-id-connect-oidc-in-terraform-for-secure-multi-account-ci-cd-to-aws/
#aws
Deploy to AWS with Terraform and GitHub Actions using Open ID Connect (OIDC) and IAM AssumeRoleWithWebIdentity. Say goodbye to IAM users and long-lived credentials.
https://hedrange.com/2023/10/07/adopt-open-id-connect-oidc-in-terraform-for-secure-multi-account-ci-cd-to-aws/
#aws
👍4🔥2❤1
🔷 Everything you need to know about the Microsoft Graph Activity Logs
An introduction on the new Graph APIs that can help incident responders close some visibility gaps.
https://invictus-ir.medium.com/everything-you-need-to-know-about-the-microsoftgraphactivitylogs-5bd7c158dc1c
(Use VPN to open from Russia)
#azure
An introduction on the new Graph APIs that can help incident responders close some visibility gaps.
https://invictus-ir.medium.com/everything-you-need-to-know-about-the-microsoftgraphactivitylogs-5bd7c158dc1c
(Use VPN to open from Russia)
#azure
👍3🔥1😱1
🔶 Terraform AWS Provider: Everything you need to know about Multi-Account Authentication and Configuration
Post covering multiple options available to configure the authentication between Terraform and AWS.
https://hector-reyesaleman.medium.com/terraform-aws-provider-everything-you-need-to-know-about-multi-account-authentication-and-f2343a4afd4b
(Use VPN to open from Russia)
#aws
Post covering multiple options available to configure the authentication between Terraform and AWS.
https://hector-reyesaleman.medium.com/terraform-aws-provider-everything-you-need-to-know-about-multi-account-authentication-and-f2343a4afd4b
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🔴 Cloud CISO Perspectives: How boards can help cyber-crisis communications
Google Cloud CISO Phil Venables talks about the important (and often undervalued) organizational skill of crisis communications.
https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-boards-can-help-cyber-crisis-communications/
#gcp
Google Cloud CISO Phil Venables talks about the important (and often undervalued) organizational skill of crisis communications.
https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-boards-can-help-cyber-crisis-communications/
#gcp
👍3❤1🔥1