🔴 Escalating Privileges in Google Cloud via Open Groups
How an attacker can escalate their privileges in Google Cloud by leveraging weak group join settings for groups that have been granted roles in GCP.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/
#gcp
🔶 Revealing the Inner Structure of AWS Session Tokens
A post sharing code and tools to programmatically analyze and modify AWS Session Tokens.
https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7
(Use VPN to open from Russia)
#aws
🔶 Automate monitoring for your Amazon EKS cluster using CloudWatch Container Insights
How to implement Amazon EKS monitoring and alerting using a custom solution that automates EKS observability capabilities for dynamic performance metrics.
https://aws.amazon.com/ru/blogs/infrastructure-and-automation/automate-monitoring-for-your-amazon-eks-cluster-using-cloudwatch-container-insights/
(Use VPN to open from Russia)
#aws
Options to identify, monitor and avoid persistent access on Managed Identities privileges by adding federated credentials on User-Assigned Managed Identities (UAMI) from malicious or unauthorized entities.
https://www.cloud-architekt.net/identify-prevent-abuse-uami-fedcreds/
#azure
🔴 Why You Should Disable Your Unauthenticated GKE Read-only Ports
Google recommends organizations proactively disable their unauthenticated GKE read-only port 10255. Read more about why this is important and how to ensure all read-only ports are disabled.
https://orca.security/resources/blog/disable-unauthenticated-read-ports-gke-kubelet-servers/
#gcp
🔶 Federated access to Amazon Athena using AWS IAM Identity Center
How to use the Athena JDBC driver to connect to Athena from third-party SQL client tools.
https://aws.amazon.com/ru/blogs/security/federated-access-to-amazon-athena-using-aws-iam-identity-center/
(Use VPN to open from Russia)
#aws
🔶 Tenant portability: Move tenants across tiers in a SaaS application
Key considerations include maintaining consistent identities, staying compliant, reducing downtime and automating the process.
https://aws.amazon.com/ru/blogs/architecture/tenant-portability-move-tenants-across-tiers-in-a-saas-application/
(Use VPN to open from Russia)
#aws
🔶 SaaS authentication: Identity management with Amazon Cognito user pools
Various ways Amazon Cognito user pools can enable multi-tenant identity for SaaS solutions.
https://aws.amazon.com/ru/blogs/security/saas-authentication-identity-management-with-amazon-cognito-user-pools/
(Use VPN to open from Russia)
#aws
🔶 Understanding AWS Networking: A Guide for Network Engineers
This article provides an overview of AWS networking concepts for network engineers, covering VPCs, subnets, route tables, Internet Gateways, NAT Gateways, and security groups.
https://www.robertdemeyer.com/post/understanding-aws-networking-a-guide-for-network-engineers
#aws
🔶 Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Preventing anonymous privilege escalation via misconfigured OIDC roles: defensive strategies and AWS's improvements.
https://hacktodef.com/addressed-aws-defaults-risks-oidc-terraform-and-anonymous-to-administratoraccess
#aws
🔶 Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
The impact of these vulnerabilities ranges from remote code execution (RCE) and full-service user takeover (which might provide powerful administrative access) to manipulation of AI modules, exposure of sensitive data, data exfiltration and denial of service.
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
#aws
🔶 Emerging phishing campaign targeting AWS accounts
The Wiz research team detected a phishing campaign targeting AWS accounts using fake sign-in pages.
https://www.wiz.io/blog/emerging-phishing-campaign-targeting-aws-accounts
#aws
🔶 AWS IAM Privilege Escalation Leads to EC2 Ransomware Deployment
Post tracing a threat actor's steps through ransomware deployment, vertical (lateral) movement via AWS Systems Manager (SSM), and privilege escalation through IAM abuse.
https://medium.com/@adammesser_51095/cloud-digital-forensics-and-incident-response-aws-iam-privilege-escalation-leads-to-ec2-2d787a4e99a7
#aws
🔶 The Hunt for ALBeast: A Technical Walkthrough
A configuration-based vulnerability hidden within thousands of applications using the AWS ALB authentication feature.
https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast
#aws
🔶 An AWS IAM Security Tooling Reference
A guide to tools for auditing AWS IAM.
https://ramimac.me/aws-iam-tools-2024
#aws
🔶 Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
An extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
#aws
A phishing toolkit that runs serverless on Azure, based on Azure Functions to phish some Entra ID credentials and cookies.
https://nicolasuter.medium.com/aitm-phishing-with-azure-functions-a1530b52df05
(Use VPN to open from Russia)
#azure
🔶 AWS IAM: A Comprehensive Guide Toward Least Privilege
Some AWS mechanisms we can use to achieve more robust permissions on AWS: Organizations, SCPs, IAM Access Analyzer, permission boundaries, and more.
https://cyscale.com/blog/aws-iam-least-privilege/
#aws
🔶 Exposing Security Observability Gaps in AWS Native Security Tooling
Post exploring the limitations and effectiveness of AWS IAM Access Analyzer in detecting publicly exposed resources across various AWS services.
https://www.securityrunners.io/post/exposing-security-observability-gaps-in-aws
#aws
🔶 Industrial IAM Service Role Creation
A guide to tools for creating AWS IAM service roles.
https://ramimac.me/iam-service-roles
#aws
🔶 My Methodology to AWS Detection Engineering (Part 1: Object Selection)
This article outlines a methodology for AWS detection engineering, focusing on understanding AWS services, identifying potential threats, and developing effective detection strategies using CloudTrail logs and other AWS-native tools.
https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection-engineering-part-1.html
#aws