🔶 Automate Cedar policy validation with AWS developer tools
How to use developer tools on AWS to implement a build pipeline that validates the Cedar policy files against a schema and runs a suite of tests to isolate the Cedar policy logic.
https://aws.amazon.com/ru/blogs/security/automate-cedar-policy-validation-with-aws-developer-tools/
#aws
🔶 Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining
Two attacks in an AWS environment that led to crypto mining and data exfiltration.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-ecs-crypto-mining/
#aws
🔶 AWS Account Security Onboarding Mind Map
A succinct and structured mind map that could act like a checklist when onboarding new AWS Accounts to an existing AWS Organization.
https://www.linkedin.com/pulse/aws-account-security-onboarding-mind-map-artem-marusov-zrpre/
(Use VPN to open from Russia)
#aws
🔶 AWS IAM Roles Anywhere with MacOS Keychain
Create a test Certificate Authority, configure AWS IAM Roles Anywhere and test access to AWS authenticating with a certificate in MacOS Keychain.
https://medium.com/@paulschwarzenberger/aws-iam-roles-anywhere-with-macos-keychain-17764b5fb848
(Use VPN to open from Russia)
#aws
🔷 Azure Logs: Breaking Through the Cloud Cover
Azure Monitor Activity Logs can be difficult to interpret. This blog offers insights into these logs where you'll find an invaluable reference tool and guide designed to demystify Azure's logging complexities.
https://permiso.io/blog/azure-logs-breaking-through-the-cloud-cover
#azure
🔴 Google Cloud Incident Response Cheat Sheet
A visual lifeline designed to equip you with the crucial steps and resources needed to navigate a GCP security incident.
https://medium.com/google-cloud/google-cloud-incident-response-cheat-sheet-dfde9054ac16
(Use VPN to open from Russia)
#gcp
🔷 Azure Attack Paths
Post shedding some light on known attack paths in an Azure environment.
https://cloudbrothers.info/en/azure-attack-paths/
#azure
🔶 How least privilege leads to a false sense of security
A view on least privilege which proposes that its application lulls us into a false sense of security.
https://www.robertdemeyer.com/post/ciem-part-1-how-least-privilege-leads-to-a-false-sense-of-security
#aws
🔴 Sys:All Google Kubernetes Engine Risk
The Orca Research Pod has discovered a risk in Google Kubernetes Engine (GKE) that would allow an attacker with any Google account to take over a Kubernetes cluster. You can also read the follow up blog post.
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk/
#gcp
🔶 How Zurich Insurance Group built their Scalable Account Vending process using AWS Account Factory for Terraform
By adopting AWS Control Tower Account Factory for Terraform, Zurich were able to achieve the scalability, resilience and performance to support provisioning of a projected 3000+ accounts.
https://aws.amazon.com/ru/blogs/architecture/how-zurich-insurance-group-built-their-scalable-account-vending-process-using-aws-account-factory-for-terraform/
#aws
🔶 The curious case of DangerDev@protonmail.me
An AWS incident response story, including the techniques used by the threat actor.
https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me
#aws
🔴 GKE/Gmail vulnerability: notes and tips
Security researchers have discovered a new Google Kubernetes Engine misconfiguration that could allow attackers with a basic Gmail account to take control of a Kubernetes (k8s) cluster.
https://expel.com/blog/gke-gmail-vulnerability-notes-and-tips/
#gcp
🔷 Azure Arc as persistence technique: stealthier than one would think on Linux servers
Post analyzing how using Azure Arc as a persistence vector would work, and what kind of logs it would generate on the host.
https://safecontrols.blog/2023/10/25/azure-arc-as-persistence-technique-stealthier-than-one-would-think-on-linux-servers/
#azure
🔶 CIEM Part 2: Measure risk probability in IAM
Post that tries to classify IAM Roles or IAM User candidates for an attack.
https://www.robertdemeyer.com/post/ciem-part-2-measure-risk-probability-in-iam
#aws
🔴 Announcing general availability of Custom Org Policy to help tailor resource guardrails with confidence
Custom Organization Policies is now generally available. The powerful new extension to Org Policies can create granular resource policies to address cloud governance requirements.
https://cloud.google.com/blog/products/identity-security/announcing-custom-org-policy-to-help-tailor-resource-guardrails-with-confidence/
#gcp
🔶 CIEM Part 3: Mastering privilege management for developers
How to determine the right point in time to harden a role which results in guidance on where to invest your time.
https://www.robertdemeyer.com/post/ciem-part-3-mastering-privilege-management-for-developers
#aws
🔷 Azure HDInsight Privilege Escalation and Denial of Service Vulnerabilities
The Orca Security Research Pod discovered three vulnerabilities in Azure HDInsight that could lead to privilege escalation and denial of service.
https://orca.security/resources/blog/azure-hd-insight-vulnerabilities-privilege-escalation/
#azure
🔶 Conditional Love for AWS Metadata Enumeration
How would you feel if an attacker could read your AWS resource tags? Turns out they can!
https://blog.plerion.com/conditional-love-for-aws-metadata-enumeration/
#aws
🔶 New EKS Access Management and Pod Identity features: a security analysis
The Wiz research team unpacks the security implications of the new EKS access and identity management features and recommends best practices when using them.
https://www.wiz.io/blog/eks-cluster-access-management-and-pod-identity-security-recommendations
#aws
🔶🔷🔴 The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker
Commando Cat is a novel cryptojacking campaign exploiting Docker for Initial Access. The campaign deploys a credential stealer payload, targeting Cloud Service Provider credentials (AWS, GCP, Azure).
https://www.cadosecurity.com/the-nine-lives-of-commando-cat-analysing-a-novel-malware-campaign-targeting-docker/
#aws #azure #gcp
🔷 The Attackers Guide to Azure AD Conditional Access
Post showing why it is important to understand the Conditional Access policy evaluation process and how to find and exploit flaws in a policy design.
https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/
#azure