CloudSec Wine – Telegram
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
👩‍💻 New Microsoft Incident Response guide helps simplify cyberthreat investigations

Microsoft Incident Response experts have created a guide on using Windows Internals for forensic investigations.

https://www.microsoft.com/en-us/security/blog/2024/04/23/new-microsoft-incident-response-guide-helps-simplify-cyberthreat-investigations/

#azure
👩‍💻 You Can't See Me: Achieving Stealthy Persistence in Azure Machine Learning

When an AML workspace is created, by default, the Storage Account is publicly accessible using the access key.

https://www.trendmicro.com/vinfo/in/security/news/cybercrime-and-digital-threats/you-cant-see-me-achieving-stealthy-persistence-in-azure-machine-learning

#azure
👩‍💻 A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja

From June 2023 to March 2024, Microsoft Graph was vulnerable to a logging bypass that allowed attackers to perform password-spray attacks undetected. During this period, any organization in Azure could have been attacked and would have had no indication of the activity.

https://trustedsec.com/blog/full-disclosure-a-look-at-a-recently-patched-microsoft-graph-logging-bypass-graphninja

#azure
👩‍💻 Arbitrary 1-click Azure tenant takeover via MS application

This blog explains how reply URLs in Azure Applications can be used as a vector for phishing. The impact of this can range from data leaks to complete tenant takeover, just by luring a victim into clicking on a link.

https://falconforce.nl/arbitrary-1-click-azure-tenant-takeover-via-ms-application/

#azure
🔶 How an empty S3 bucket can make your AWS bill explode

Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?

https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

(Use VPN to open from Russia)

#aws
🔶 terraform-aws-slackbot

A simple, serverless back end for your Slack app.

https://github.com/amancevice/terraform-aws-slackbot

#aws
🔶 AWS CloudQuarry: Digging for Secrets in Public AMIs

Money, secrets and mass exploitation: this research unveils a quarry of sensitive data stored in public AMIs. Digging through each AMI, the researchers managed to collect 500 GB of credentials, private repositories, access keys and more.

https://securitycafe.ro/2024/05/08/aws-cloudquarry-digging-for-secrets-in-public-amis/

#aws
🔶 Detecting Manual Actions in EKS Clusters with Terraform and SNS

How to set up audit alerts and monitoring for manual actions in EKS resources, such as ClusterRoleBinding or Secret creation or deletion.

https://medium.com/@seifeddinerajhi/detecting-manual-actions-in-eks-clusters-with-terraform-and-sns-65397416c1f9

(Use VPN to open from Russia)

#aws
🔶 AWS Application Load Balancer mTLS with open-source cloud CA

A step-by-step guide on implementing mTLS for AWS Application Load Balancer using an open-source cloud CA.

https://medium.com/@paulschwarzenberger/aws-application-load-balancer-mtls-with-open-source-cloud-ca-277cb40d60c7

(Use VPN to open from Russia)

#aws
🔴 Introducing Google Security Operations: Intel-driven, AI-powered SecOps

At RSA, Google announced AI innovations across the Google Cloud Security portfolio, including Google Threat Intelligence and the latest release of Google Security Operations.

https://cloud.google.com/blog/products/identity-security/introducing-google-security-operations-intel-driven-ai-powered-secops-at-rsa/

#gcp
👩‍💻 Hunting in Azure subscriptions

This blog post covers various strategies and methodologies to help understand the scope and complexity of how threat actors manoeuvre within Azure subscriptions.

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/hunting-in-azure-subscriptions/ba-p/4125875

#azure
🔶 Monitoring your EKS clusters audit logs

A plugin has replaced the way Falco consumes the Audit Logs generated by a K8s API server. With these plugins, Falco covers more aspects of your infrastructure in depth and lets you use a single syntax for rules.

https://falco.org/blog/k8saudit-eks-plugin/

#aws
🔶 Governing and securing AWS PrivateLink service access at scale in multi-account environments

A way to create preventative controls through the use of service control policies (SCPs) and detective controls through event-driven automation.

https://aws.amazon.com/ru/blogs/security/governing-and-securing-aws-privatelink-service-access-at-scale-in-multi-account-environments/

#aws
🔶 Investigating lateral movements with Amazon Detective investigation and Security Lake integration

How you can use the Amazon Detective Investigation feature to investigate IAM user and role activity and use the Security Lake integration to determine the specific EC2 instances a threat actor appeared to be targeting.

https://aws.amazon.com/ru/blogs/security/investigating-lateral-movements-with-amazon-detective-investigation-and-security-lake-integration/

#aws
🔴 Automatically disabling leaked service account keys: What you need to know

Starting June 16, exposed service account keys that have been detected in services including public repos will be automatically disabled by default for new and existing customers.

https://cloud.google.com/blog/products/identity-security/automatically-disabling-leaked-service-account-keys-what-you-need-to-know

#gcp
🔶 How to use AWS managed applications with IAM Identity Center: Enable Amazon Q without migrating existing IAM federation flows

How you can enable Identity Center and use AWS managed applications, such as Amazon Q, without migrating existing IAM federation flows to Identity Center.

https://aws.amazon.com/ru/blogs/security/how-to-use-aws-managed-applications-with-iam-identity-center/

#aws
🔶👩‍💻 Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 2

To prevent abuse of the Snapshot Creation, Instance Creation and Instance Deletion features within cloud environments, security teams and cyber-defenders must ensure that proper monitoring and logging services are enabled across all cloud providers they utilize.

https://permiso.io/blog/unmasking-adversary-cloud-defense-evasion-strategies-modify-cloud-compute-infrastructure-part-2-detections-and-mitigations

#aws #azure
🔶 Tactical Cloud Audit Log Analysis with DuckDB

Using DuckDB to query Cloud Provider audit logs when you don't have a SIEM available.

https://dev.to/aws-builders/tactical-cloud-audit-log-analysis-with-duckdb-aws-cloudtrail-2amk

#aws
🔶 The Best Way to Start with AWS Security Hub

AWS Security Hub is an awesome tool for creating a native, organization-wide security feed. Learn how to set it up right from the start, for the lowest cost.

https://slaw.securosis.com/p/best-way-start-aws-security-hub

#aws
🔶 AWS Cloud Incident Analysis Query Cheatsheet

A cheatsheet for analyzing AWS cloud incidents using CloudTrail with AWS Athena.

https://securosis.com/blog/aws-cloud-incident-analysis-query-cheatsheet/

#aws
🔴 Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets

Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches.

https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets

#gcp