CloudSec Wine – Telegram
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔶 Understanding AWS Networking: A Guide for Network Engineers

This article provides an overview of AWS networking concepts for network engineers, covering VPCs, subnets, route tables, Internet Gateways, NAT Gateways, and security groups.

https://www.robertdemeyer.com/post/understanding-aws-networking-a-guide-for-network-engineers

#aws
🔶 Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess

Preventing anonymous privilege escalation via misconfigured OIDC roles: defensive strategies and AWS's improvements.

https://hacktodef.com/addressed-aws-defaults-risks-oidc-terraform-and-anonymous-to-administratoraccess

#aws
🔶 Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources

The impact of these vulnerabilities ranges from remote code execution (RCE), full-service user takeover (which might provide powerful administrative access) and manipulation of AI modules to sensitive data exposure, data exfiltration and denial of service.

https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/

#aws
🔶 Emerging phishing campaign targeting AWS accounts

The Wiz research team detected a phishing campaign targeting AWS accounts using fake sign-in pages.

https://www.wiz.io/blog/emerging-phishing-campaign-targeting-aws-accounts

#aws
🔶 AWS IAM Privilege Escalation Leads to EC2 Ransomware Deployment

Post tracing a threat actor's steps through ransomware deployment, vertical (lateral) movement via AWS Systems Manager (SSM), and privilege escalation through IAM abuse.

https://medium.com/@adammesser_51095/cloud-digital-forensics-and-incident-response-aws-iam-privilege-escalation-leads-to-ec2-2d787a4e99a7

#aws
🔶 The Hunt for ALBeast: A Technical Walkthrough

A configuration-based vulnerability hidden within thousands of applications using the AWS ALB authentication feature.

https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast

#aws
🔶 An AWS IAM Security Tooling Reference

A guide to tools for auditing AWS IAM.

https://ramimac.me/aws-iam-tools-2024

#aws
🔶 Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

An extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.

https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/

#aws
👩‍💻 AiTM Phishing with Azure Functions

A serverless phishing toolkit built on Azure Functions that phishes Entra ID credentials and cookies.

https://nicolasuter.medium.com/aitm-phishing-with-azure-functions-a1530b52df05

(Use VPN to open from Russia)

#azure
🔶 AWS IAM: A Comprehensive Guide Toward Least Privilege

Some AWS mechanisms we can use to achieve more robust permissions on AWS: Organizations, SCPs, IAM Access Analyzer, permission boundaries, and more.

https://cyscale.com/blog/aws-iam-least-privilege/

#aws
🔶 Exposing Security Observability Gaps in AWS Native Security Tooling

Post exploring the limitations and effectiveness of AWS IAM Access Analyzer in detecting publicly exposed resources across various AWS services.

https://www.securityrunners.io/post/exposing-security-observability-gaps-in-aws

#aws
🔶 Industrial IAM Service Role Creation

A guide to tools for creating AWS IAM service roles.

https://ramimac.me/iam-service-roles

#aws
🔶 My Methodology to AWS Detection Engineering (Part 1: Object Selection)

This article outlines a methodology for AWS detection engineering, focusing on understanding AWS services, identifying potential threats, and developing effective detection strategies using CloudTrail logs and other AWS-native tools.

https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection-engineering-part-1.html

#aws
🔶 My Methodology to AWS Detection Engineering (Part 2: Risk Assignment)

Post focusing on the key components that make up the risk assignment rule.

https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection.html

#aws
🔴 Announcing Terraform Google Provider 6.0.0

Key changes in Terraform Google Provider 6.0.0, including opt-out default labels, deletion protection for resources, and longer name prefixes.

https://cloud.google.com/blog/products/management-tools/announcing-terraform-google-provider-6-0-0/

#gcp
🔶 What's the worst place to leave your secrets?

Research into what happens to AWS credentials that are left in public places.

https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/

#aws
🔶 Achieving Zero Trust Security on Amazon EKS with Istio

Post covering Istio's security mechanisms, which allow you to implement a true zero trust security architecture on Amazon EKS.

https://aws.amazon.com/ru/blogs/opensource/achieving-zero-trust-security-on-amazon-eks-with-istio/

(Use VPN to open from Russia)

#aws
🔶 Automatically replicate your card payment keys across AWS Regions

A cross-Region replication (CRR) solution for card payment keys, with a specific focus on AWS Payment Cryptography.

https://aws.amazon.com/ru/blogs/security/automatically-replicate-your-card-payment-keys-across-aws-regions/

(Use VPN to open from Russia)

#aws
🔴 Instant snapshots: protect Compute Engine workloads from errors and corruption

Compute Engine instant snapshots provide near-instantaneous, high-frequency, point-in-time disk checkpoints that you can rapidly restore if needed.

https://cloud.google.com/blog/products/compute/introducing-compute-engine-instant-snapshots

#gcp
👩‍💻 Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries

EclecticIQ analysts discovered ransomware operations by SCATTERED SPIDER targeting cloud infrastructures within the insurance and financial sectors.

https://blog.eclecticiq.com/ransomware-in-the-cloud-scattered-spider-targeting-insurance-and-financial-industries

#azure
🔶 CloudGoat Official Walkthrough Series: glue_privesc

This blog post walks through one of the newest CloudGoat scenarios, glue_privesc, where you will attempt to move through an AWS environment and perform privilege escalation against the Glue service in order to capture the flag.

https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/

#aws