🔶 Terraform CI/CD and testing on AWS with the new Terraform Test Framework
How to validate Terraform modules and how to automate the process using a CI/CD pipeline.
https://aws.amazon.com/ru/blogs/devops/terraform-ci-cd-and-testing-on-aws-with-the-new-terraform-test-framework/
#aws
How to validate Terraform modules and how to automate the process using a CI/CD pipeline.
https://aws.amazon.com/ru/blogs/devops/terraform-ci-cd-and-testing-on-aws-with-the-new-terraform-test-framework/
#aws
👍3🔥2❤1
🔶🔴 IAM Is The Worst
IAM started out as an easy idea that as more and more services were launched, started to become nightmarish to organize. It's too hard to do the right thing now and it's even harder to do the right thing in GCP compared to AWS.
https://matduggan.com/iam-is-the-worst/
#aws #gcp
IAM started out as an easy idea that as more and more services were launched, started to become nightmarish to organize. It's too hard to do the right thing now and it's even harder to do the right thing in GCP compared to AWS.
https://matduggan.com/iam-is-the-worst/
#aws #gcp
👍3❤1🔥1
🔴 Who Touched My GCP Project? Understanding the Principal Part in Cloud Audit Logs
Post which explains how to identify principles and understand the identities present in GCP logs, including impersonation and third-party identities.
https://www.mitiga.io/blog/who-touched-my-gcp-project-understanding-the-principal-part-in-cloud-audit-logs-part-1
#gcp
Post which explains how to identify principles and understand the identities present in GCP logs, including impersonation and third-party identities.
https://www.mitiga.io/blog/who-touched-my-gcp-project-understanding-the-principal-part-in-cloud-audit-logs-part-1
#gcp
👍3🔥1😱1
🔶 Muddled Libra's Evolution to the Cloud
Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments.
https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/
#aws
Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments.
https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/
#aws
👍5❤1🔥1
🔶 We discovered an AWS access vulnerability
The Stedi team discovered a vulnerability in STS that caused role trust policy statements to be evaluated incorrectly.
https://www.stedi.com/blog/stedi-discovered-an-aws-access-vulnerability
#aws
The Stedi team discovered a vulnerability in STS that caused role trust policy statements to be evaluated incorrectly.
https://www.stedi.com/blog/stedi-discovered-an-aws-access-vulnerability
#aws
👍3🔥1😱1
🔶 Detecting and remediating inactive user accounts with Amazon Cognito
A solution that uses serverless technologies to track and disable inactive user accounts.
https://aws.amazon.com/ru/blogs/security/detecting-and-remediating-inactive-user-accounts-with-amazon-cognito/
#aws
A solution that uses serverless technologies to track and disable inactive user accounts.
https://aws.amazon.com/ru/blogs/security/detecting-and-remediating-inactive-user-accounts-with-amazon-cognito/
#aws
👍5❤1🔥1
Permiso started a series of blog posts that will walk through some of MITRE's ATT&CK Matrix, diving deep into cloud-based techniques. The first post of this series covers Cloud Administration Command.
https://permiso.io/blog/an-adversary-adventure-with-cloud-administration-command
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3🔥2❤1
🔶 Amazon AppFlow vulnerabilities: Undocumented API allowed reading partial secrets, SSRF in WooCommerce connector
This vulnerability allowed anyone to steal secrets managed by AppFlow in any AWS account.
https://ronin.ae/news/amazon-appflow-vulnerabilities/
#aws
This vulnerability allowed anyone to steal secrets managed by AppFlow in any AWS account.
https://ronin.ae/news/amazon-appflow-vulnerabilities/
#aws
👍3❤1🔥1
🔶 S3 Bucket Encryption Doesn't Work The Way You Think It Works
Let's try all the different S3 encryption options, see why it's more like access control than encryption, and why that matters.
https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/
#aws
Let's try all the different S3 encryption options, see why it's more like access control than encryption, and why that matters.
https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/
#aws
👍2🔥1😱1
A Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy.
https://www.microsoft.com/en-us/security/blog/2024/04/16/new-microsoft-guidance-for-the-dod-zero-trust-strategy/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1
🔶 Integrate Kubernetes policy-as-code solutions into Security Hub
A solution to send policy violations from PaC solutions using Kubernetes policy report format (for example, using Kyverno) or from Gatekeeper's constraints status directly to AWS Security Hub.
https://aws.amazon.com/ru/blogs/security/integrate-kubernetes-policy-as-code-solutions-into-security-hub/
(Use VPN to open from Russia)
#aws
A solution to send policy violations from PaC solutions using Kubernetes policy report format (for example, using Kyverno) or from Gatekeeper's constraints status directly to AWS Security Hub.
https://aws.amazon.com/ru/blogs/security/integrate-kubernetes-policy-as-code-solutions-into-security-hub/
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔶 Our Journey Migrating to AWS IMDSv2
Slack moved their entire fleet and tools to IMDSv2. In this article, they discuss the pitfalls of using IMDSv1 and their journey towards fully migrating to IMDSv2.
https://slack.engineering/our-journey-migrating-to-aws-imdsv2/
#aws
Slack moved their entire fleet and tools to IMDSv2. In this article, they discuss the pitfalls of using IMDSv1 and their journey towards fully migrating to IMDSv2.
https://slack.engineering/our-journey-migrating-to-aws-imdsv2/
#aws
👍4❤1🔥1
🔶 Using an Undocumented Amplify API to Leak AWS Account IDs
Writeup for a technique that allowed to leak an AWS account ID from an Amplify app.
https://frichetten.com/blog/undocumented-amplify-api-leak-account-id/
#aws
Writeup for a technique that allowed to leak an AWS account ID from an Amplify app.
https://frichetten.com/blog/undocumented-amplify-api-leak-account-id/
#aws
👍2❤1🔥1
AHHHZURE is an automated deployment noscript that creates a vulnerable Azure cloud lab for offensive security practitioners and enthusiasts to brush up their cloud sec skills.
https://github.com/gladstomych/AHHHZURE
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤3🔥2👍1
🔶 npk
NPK is a distributed hash-cracking platform built entirely of serverless components in AWS including Cognito, DynamoDB, and S3. It was designed for easy deployment and the intuitive UI brings high-power hash-cracking to everyone.
https://github.com/c6fc/npk
#aws
NPK is a distributed hash-cracking platform built entirely of serverless components in AWS including Cognito, DynamoDB, and S3. It was designed for easy deployment and the intuitive UI brings high-power hash-cracking to everyone.
https://github.com/c6fc/npk
#aws
🔥4❤1👍1
Microsoft Incident Response experts have created a guide on using Windows Internals for forensic investigations.
https://www.microsoft.com/en-us/security/blog/2024/04/23/new-microsoft-incident-response-guide-helps-simplify-cyberthreat-investigations/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2🔥2👍1
When an AML workspace is created, by default, the Storage Account is publicly accessible using the access key.
https://www.trendmicro.com/vinfo/in/security/news/cybercrime-and-digital-threats/you-cant-see-me-achieving-stealthy-persistence-in-azure-machine-learning
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
From June 2023 to March 2024, Microsoft Graph was vulnerable to a logging bypass that allowed attackers to perform password-spray attacks undetected. During this period, any organization in Azure could have been attacked and would have had no indication of the activity.
https://trustedsec.com/blog/full-disclosure-a-look-at-a-recently-patched-microsoft-graph-logging-bypass-graphninja
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4❤1👍1
This blog explains how reply URLs in Azure Applications can be used as a vector for phishing. The impact of this can range from data leaks to complete tenant takeover; just by luring a victim into clicking on a link.
https://falconforce.nl/arbitrary-1-click-azure-tenant-takeover-via-ms-application/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥3❤1👍1
🔶 How an empty S3 bucket can make your AWS bill explode
Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
(Use VPN to open from Russia)
#aws
Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
(Use VPN to open from Russia)
#aws
👍3❤1🔥1