This media is not supported in your browser
VIEW IN TELEGRAM
🔴🔸Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform
OpenCSPM is an open-source platform developed by Darkbit that aims to make continuous cloud security posture assessments of cloud environments a practical reality for security and compliance teams alike. It offers a unique approach to manage the firehose of security and compliance check results that can even modest AWS and GCP environments can surface, and its control definitions allow for simple yet powerful levels of introspection of its graph data model.
https://darkbit.io/blog/announcing-opencspm
#aws #gcp
OpenCSPM is an open-source platform developed by Darkbit that aims to make continuous cloud security posture assessments of cloud environments a practical reality for security and compliance teams alike. It offers a unique approach to manage the firehose of security and compliance check results that can even modest AWS and GCP environments can surface, and its control definitions allow for simple yet powerful levels of introspection of its graph data model.
https://darkbit.io/blog/announcing-opencspm
#aws #gcp
🔸AWS Network Firewall – New Managed Firewall Service in VPC
AWS Network Firewall lets you protect your VPC with your choice of stateless and stateful firewall rules that can inspect packets bidirectionally and even perform outbound URL filtering:
https://aws.amazon.com/ru/blogs/aws/aws-network-firewall-new-managed-firewall-service-in-vpc/
#aws
AWS Network Firewall lets you protect your VPC with your choice of stateless and stateful firewall rules that can inspect packets bidirectionally and even perform outbound URL filtering:
https://aws.amazon.com/ru/blogs/aws/aws-network-firewall-new-managed-firewall-service-in-vpc/
#aws
Forwarded from Svetlana Borodina
Public clouds most wanted: Azure skies or nasty dice? Webinar on November 25 at 16.00
At the webinar, experts will discuss the main issues of information security in public clouds and key aspects in it's protection. We will show a live demo of Check Point's Dome9, a Cloud Security Posture Management (CSPM) solution that automates governance across multi-cloud assets and services including visualization and assessment of security posture, misconfiguration detection, and enforcement of security best practices and compliance frameworks.
Issues for discussion:
📍 How not to lose control over resources settings in a public cloud
📍 How to protect against unauthorized changes and dangerous settings of public services and it's
📍 How to safely use microservices and kubernetes without creating additional risks for the company
Registration: https://events.webinar.ru/jet/cloudsecurity2511
At the webinar, experts will discuss the main issues of information security in public clouds and key aspects in it's protection. We will show a live demo of Check Point's Dome9, a Cloud Security Posture Management (CSPM) solution that automates governance across multi-cloud assets and services including visualization and assessment of security posture, misconfiguration detection, and enforcement of security best practices and compliance frameworks.
Issues for discussion:
📍 How not to lose control over resources settings in a public cloud
📍 How to protect against unauthorized changes and dangerous settings of public services and it's
📍 How to safely use microservices and kubernetes without creating additional risks for the company
Registration: https://events.webinar.ru/jet/cloudsecurity2511
Forwarded from Технологический Болт Генона
Take automated actions on your Security Command Center findings:
- Automatically create disk snapshots to enable forensic investigations.
- Revoke IAM grants that violate your desired policy.
- Notify other systems such as PagerDuty, Slack or email.
- See the full list of automations for more information.
You're in control:
- Service account runs with lowest permission needed granted at granularity you specify.
- You control which projects are enforced by each automation.
- Every action is logged to StackDriver and is easily auditable.
- Can be run in monitor mode where actions are logged only.
Security Response Automation
https://github.com/GoogleCloudPlatform/security-response-automation
🔸AWS access keys leak in GitHub repository and some improvements in Amazon reaction
Post testing Amazon's reaction to a case of leaked access keys, with analysis of the recent "AWSCompromisedKeyQuarantine" policy used to contain them.
https://rzepsky.medium.com/aws-access-keys-leak-in-github-repository-and-some-improvements-in-amazon-reaction-cc2e20e89003
🔸Learning from AWS (Customer) Security Incidents
Really interesting run through of real life security breaches that have happened to the AWS environments of high profile companies.
https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents
#aws
Post testing Amazon's reaction to a case of leaked access keys, with analysis of the recent "AWSCompromisedKeyQuarantine" policy used to contain them.
https://rzepsky.medium.com/aws-access-keys-leak-in-github-repository-and-some-improvements-in-amazon-reaction-cc2e20e89003
🔸Learning from AWS (Customer) Security Incidents
Really interesting run through of real life security breaches that have happened to the AWS environments of high profile companies.
https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents
#aws
Medium
AWS Access Keys Leak in GitHub Repository and Some Improvements in Amazon Reaction
AWS access keys leak via public code repository is quite known security problem. So common, that popular version control systems offer for…
🔸AWS Control Tower By Example
A hands-on walk-through of the the easiest way to set up and govern a secure, compliant, multi-account AWS environment based on best practices.
#aws
A hands-on walk-through of the the easiest way to set up and govern a secure, compliant, multi-account AWS environment based on best practices.
#aws
🔷 awesome-azure-security
A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
https://github.com/kmcquade/awesome-azure-security
#azure
A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
https://github.com/kmcquade/awesome-azure-security
#azure
🔸Evilginx-ing into the cloud: How we detected a red team attack in AWS
Another interesting walk through from the Expel team on a red team exercise they recently spotted in a customer's AWS cloud environment.
https://expel.io/blog/evilginx-into-cloud-detected-red-team-attack-in-aws/
#aws
Another interesting walk through from the Expel team on a red team exercise they recently spotted in a customer's AWS cloud environment.
https://expel.io/blog/evilginx-into-cloud-detected-red-team-attack-in-aws/
#aws
Expel
Evilginx-ing into the cloud: How we detected a red team attack in AWS - Expel
Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.
🔹Privilege Escalation in AKS Clusters
Read access to ConfigMaps by default allowed privilege escalation in Microsoft's Kubernetes AKS.
https://medium.com/sse-blog/privilege-escalation-in-aks-clusters-18222ab53f28
#azure
Read access to ConfigMaps by default allowed privilege escalation in Microsoft's Kubernetes AKS.
https://medium.com/sse-blog/privilege-escalation-in-aks-clusters-18222ab53f28
#azure
Medium
Privilege Escalation in AKS Clusters
Default AKS cluster stores admin credentials in Kubernetes ConfigMap
🔸"I took a first pass at mapping out how AWS security services all connect to one another and where to categorize them."
https://twitter.com/0xdabbad00/status/1336494125617541120
#aws
https://twitter.com/0xdabbad00/status/1336494125617541120
#aws
🔸Netflix/consoleme
New tool from the Netflix cloud security team that “strives to be a multi-account AWS swiss-army knife, making AWS easier for your end-users and cloud administrators.”
- Consolidates the management of multiple accounts into a single web UI.
- Allows your end-users and admins to get credentials / console access to your different AWS accounts, depending on their authorization level.
- Provides mechanisms for end-users and admins to both request and manage permissions for IAM roles, S3 buckets, SQS queues, and SNS topics.
- A self-service wizard is also provided to guide users into requesting the permissions they desire.
https://github.com/Netflix/consoleme
#aws
New tool from the Netflix cloud security team that “strives to be a multi-account AWS swiss-army knife, making AWS easier for your end-users and cloud administrators.”
- Consolidates the management of multiple accounts into a single web UI.
- Allows your end-users and admins to get credentials / console access to your different AWS accounts, depending on their authorization level.
- Provides mechanisms for end-users and admins to both request and manage permissions for IAM roles, S3 buckets, SQS queues, and SNS topics.
- A self-service wizard is also provided to guide users into requesting the permissions they desire.
https://github.com/Netflix/consoleme
#aws
GitHub
GitHub - Netflix/consoleme: A Central Control Plane for AWS Permissions and Access
A Central Control Plane for AWS Permissions and Access - Netflix/consoleme
🔸AWS Systems Manager Attack and defense strategies
Post covering multiple aspects of Systems Manager, Documents and how to protect and detect techniques leveraging its "Run Command".
https://blog.karims.cloud/2020/12/08/ssm-attack-and-defense-strategies.html
#aws
Post covering multiple aspects of Systems Manager, Documents and how to protect and detect techniques leveraging its "Run Command".
https://blog.karims.cloud/2020/12/08/ssm-attack-and-defense-strategies.html
#aws
Personal notes on Cybersecurity and Cloud
AWS Systems Manager Attack and defense strategies
Background AWS Systems Manager is long known for its “Run Command” allowing an attacker to move from AWS API Access to compromise instances that may be within the network. This post will try to cover multiple aspects of Systems Manager, Documents and how…
🔸AWS Audit Manager Simplifies Audit Preparation
Audit Manager is a new AWS service that “provides prebuilt frameworks for common industry standards and regulations, and automates the continual collection of evidence to help you in preparing for an audit.”
https://aws.amazon.com/blogs/aws/aws-audit-manager-simplifies-audit-preparation/
#aws
Audit Manager is a new AWS service that “provides prebuilt frameworks for common industry standards and regulations, and automates the continual collection of evidence to help you in preparing for an audit.”
https://aws.amazon.com/blogs/aws/aws-audit-manager-simplifies-audit-preparation/
#aws
Amazon
AWS Audit Manager Simplifies Audit Preparation | Amazon Web Services
Gathering evidence in a timely manner to support an audit can be a significant challenge due to manual, error-prone, and sometimes, distributed processes. If your business is subject to compliance requirements, preparing for an audit can cause significant…
🔸Gaining Persistency on Vulnerable Lambdas
What can an attacker do if they found a Remote Code Execution (RCE) vulnerability in a Lambda function?
https://unit42.paloaltonetworks.com/gaining-persistency-vulnerable-lambdas/
#aws
What can an attacker do if they found a Remote Code Execution (RCE) vulnerability in a Lambda function?
https://unit42.paloaltonetworks.com/gaining-persistency-vulnerable-lambdas/
#aws
Unit 42
Gaining Persistency on Vulnerable Lambdas
Serverless Security AWS Lambda was released in 2014 and introduced a new cloud execution model – serverless computing, which is now widely adopted. Since
🔴Google Cloud Platform (GCP) Service Account-based Privilege Escalation paths
The Praetorian team uncovered a GCP risk scenario in which privileges in a compromised service can be used to further escalate privileges.
https://www.praetorian.com/blog/google-cloud-platform-gcp-service-account-based-privilege-escalation-paths
#gcp
The Praetorian team uncovered a GCP risk scenario in which privileges in a compromised service can be used to further escalate privileges.
https://www.praetorian.com/blog/google-cloud-platform-gcp-service-account-based-privilege-escalation-paths
#gcp
Forwarded from Технологический Болт Генона
Azure Kubernetes (AKS) Security Best Practices
Part 1: Designing Secure Clusters and Container Images
https://www.stackrox.com/post/2020/01/azure-kubernetes-aks-security-best-practices-part-1-of-4/
Part 2: Networking
https://www.stackrox.com/post/2020/02/azure-kubernetes-aks-security-best-practices-part-2-of-4/
Part 3: Runtime Security
https://www.stackrox.com/post/2020/02/azure-kubernetes-aks-security-best-practices-part-3-of-4/
Part 4: Cluster Maintenance
https://www.stackrox.com/post/2020/03/azure-kubernetes-aks-security-best-practices-part-4-of-4/
Part 1: Designing Secure Clusters and Container Images
https://www.stackrox.com/post/2020/01/azure-kubernetes-aks-security-best-practices-part-1-of-4/
Part 2: Networking
https://www.stackrox.com/post/2020/02/azure-kubernetes-aks-security-best-practices-part-2-of-4/
Part 3: Runtime Security
https://www.stackrox.com/post/2020/02/azure-kubernetes-aks-security-best-practices-part-3-of-4/
Part 4: Cluster Maintenance
https://www.stackrox.com/post/2020/03/azure-kubernetes-aks-security-best-practices-part-4-of-4/
www.stackrox.io
Azure Kubernetes (AKS) Security Best Practices Part 1 of 4: Designing Secure Clusters and Container Images | StackRox Community
In this article (part 1 of 4), we discuss what you need to know to securely create your AKS clusters and container images.
🔸Lesser Known Techniques for Attacking AWS Environments
"This post will discuss lesser known attack techniques that I would use in attacking AWS accounts and conclude with a discussion of defenses. A common theme among many of these concepts is abusing trust, whether that is incorrectly trusting attacker controlled resources hosted on AWS, or the trust relationships between accounts or within an account.
I’ll discuss a few techniques in gaining initial access, recon, lateral movement between accounts, and data exfiltration."
https://tldrsec.com/blog/lesser-known-aws-attacks/
#aws
"This post will discuss lesser known attack techniques that I would use in attacking AWS accounts and conclude with a discussion of defenses. A common theme among many of these concepts is abusing trust, whether that is incorrectly trusting attacker controlled resources hosted on AWS, or the trust relationships between accounts or within an account.
I’ll discuss a few techniques in gaining initial access, recon, lateral movement between accounts, and data exfiltration."
https://tldrsec.com/blog/lesser-known-aws-attacks/
#aws
🔹Azure Security Basics: Log Analytics, Security Center, and Sentinel
Log Analytics, Sentinel, and ATP can produce a complete picture of your Azure authentication border defenses, virtual server happenings, and everything in between them.
https://www.blackhillsinfosec.com/azure-security-basics-log-analytics-security-center-and-sentinel/
#azure
Log Analytics, Sentinel, and ATP can produce a complete picture of your Azure authentication border defenses, virtual server happenings, and everything in between them.
https://www.blackhillsinfosec.com/azure-security-basics-log-analytics-security-center-and-sentinel/
#azure
Black Hills Information Security, Inc.
Azure Security Basics: Log Analytics, Security Center, and Sentinel - Black Hills Information Security, Inc.
Jordan Drysdale // TL;DR The problem with a pentester’s perspective on defense, hunting, and security: Lab demographics versus scale. If it costs $15 bucks per month per server for me […]
🔹CrowdStrike Reporting Tool for Azure (CRT)
A tool which helps organizations quickly and easily review excessive permissions in their Azure AD environments, helps determine configuration weaknesses, and provides advice to mitigate risk.
https://github.com/CrowdStrike/CRT
#azure
A tool which helps organizations quickly and easily review excessive permissions in their Azure AD environments, helps determine configuration weaknesses, and provides advice to mitigate risk.
https://github.com/CrowdStrike/CRT
#azure
GitHub
GitHub - CrowdStrike/CRT: Contact: CRT@crowdstrike.com
Contact: CRT@crowdstrike.com. Contribute to CrowdStrike/CRT development by creating an account on GitHub.
🔸AWS Lambda $LATEST is dangerous
You should always use function versioning. You should almost always use function aliases, which have a handful of benefits involving metrics in CloudWatch, IAM permissions, traffic-shifting, etc.
https://awsteele.com/blog/2020/12/24/aws-lambda-latest-is-dangerous.html
#aws
You should always use function versioning. You should almost always use function aliases, which have a handful of benefits involving metrics in CloudWatch, IAM permissions, traffic-shifting, etc.
https://awsteele.com/blog/2020/12/24/aws-lambda-latest-is-dangerous.html
#aws
Aidan Steele’s blog (usually about AWS)
AWS Lambda $LATEST is dangerous
AWS Lambda has supported function versions since October 2015, only a couple of months after the service itself was publicly launched. Versions are an optional feature - you can develop and use Lambda functions without versioning, in which case you are working…