🔶 Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
The impact of these vulnerabilities ranges across remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposure of sensitive data, data exfiltration and denial of service.
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
#aws
🔶 Emerging phishing campaign targeting AWS accounts
The Wiz research team detected a phishing campaign targeting AWS accounts using fake sign-in pages.
https://www.wiz.io/blog/emerging-phishing-campaign-targeting-aws-accounts
#aws
🔶 AWS IAM Privilege Escalation Leads to EC2 Ransomware Deployment
Post tracing a threat actor's steps through ransomware deployment, vertical (lateral) movement via AWS Systems Manager (SSM), and privilege escalation through IAM abuse.
https://medium.com/@adammesser_51095/cloud-digital-forensics-and-incident-response-aws-iam-privilege-escalation-leads-to-ec2-2d787a4e99a7
#aws
🔶 The Hunt for ALBeast: A Technical Walkthrough
A configuration-based vulnerability hidden within thousands of applications using the AWS ALB authentication feature.
https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast
#aws
🔶 An AWS IAM Security Tooling Reference
A guide to tools for auditing AWS IAM.
https://ramimac.me/aws-iam-tools-2024
#aws
🔶 Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
An extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
#aws
A phishing toolkit that runs serverless on Azure, based on Azure Functions to phish some Entra ID credentials and cookies.
https://nicolasuter.medium.com/aitm-phishing-with-azure-functions-a1530b52df05
(Use VPN to open from Russia)
#azure
🔶 AWS IAM: A Comprehensive Guide Toward Least Privilege
Some AWS mechanisms we can use to achieve more robust permissions on AWS: Organizations, SCPs, IAM Access Analyzer, permission boundaries, and more.
https://cyscale.com/blog/aws-iam-least-privilege/
#aws
🔶 Exposing Security Observability Gaps in AWS Native Security Tooling
Post exploring the limitations and effectiveness of AWS IAM Access Analyzer in detecting publicly exposed resources across various AWS services.
https://www.securityrunners.io/post/exposing-security-observability-gaps-in-aws
#aws
🔶 Industrial IAM Service Role Creation
A guide to tools for creating AWS IAM service roles.
https://ramimac.me/iam-service-roles
#aws
🔶 My Methodology to AWS Detection Engineering (Part 1: Object Selection)
This article outlines a methodology for AWS detection engineering, focusing on understanding AWS services, identifying potential threats, and developing effective detection strategies using CloudTrail logs and other AWS-native tools.
https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection-engineering-part-1.html
#aws
🔶 My Methodology to AWS Detection Engineering (Part 2: Risk Assignment)
Post focusing on the key components that make up the risk assignment rule.
https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection.html
#aws
🔴 Announcing Terraform Google Provider 6.0.0
Key changes in Terraform Google Provider 6.0.0, including opt-out default labels, deletion protection for resources, and longer name prefixes.
https://cloud.google.com/blog/products/management-tools/announcing-terraform-google-provider-6-0-0/
#gcp
🔶 What's the worst place to leave your secrets?
Research into what happens to AWS credentials that are left in public places.
https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/
#aws
🔶 Achieving Zero Trust Security on Amazon EKS with Istio
Post covering Istio's security mechanisms, which allow you to implement a true zero trust security architecture on Amazon EKS.
https://aws.amazon.com/ru/blogs/opensource/achieving-zero-trust-security-on-amazon-eks-with-istio/
(Use VPN to open from Russia)
#aws
🔶 Automatically replicate your card payment keys across AWS Regions
A cross-Region replication (CRR) solution for card payment keys, with a specific focus on AWS Payment Cryptography.
https://aws.amazon.com/ru/blogs/security/automatically-replicate-your-card-payment-keys-across-aws-regions/
(Use VPN to open from Russia)
#aws
🔴 Instant snapshots: protect Compute Engine workloads from errors and corruption
Compute Engine instant snapshots provide near-instantaneous, high-frequency, point-in-time disk checkpoints that you can rapidly restore if needed.
https://cloud.google.com/blog/products/compute/introducing-compute-engine-instant-snapshots
#gcp
EclecticIQ analysts discovered ransomware operations by SCATTERED SPIDER targeting cloud infrastructures within the insurance and financial sectors.
https://blog.eclecticiq.com/ransomware-in-the-cloud-scattered-spider-targeting-insurance-and-financial-industries
#azure
🔶 CloudGoat Official Walkthrough Series: glue_privesc
This blog post walks through one of the newest CloudGoat scenarios, glue_privesc, where you will attempt to move through an AWS environment and perform privilege escalation against the Glue service in order to capture the flag.
https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/
#aws
This article discusses how attackers can exploit Microsoft applications to gain unauthorized privilege elevation in Active Directory environments, highlighting risks and providing mitigation strategies for administrators to protect against such threats.
https://www.semperis.com/blog/unoauthorized-privilege-elevation-through-microsoft-applications/
#azure
🔶 A SaaS provider's guide to securely integrating with customers' AWS accounts
An opinionated guide on best practices that these vendors should follow to ensure an appropriate level of security when integrating with customers' AWS environments.
https://securitylabs.datadoghq.com/articles/securely-integrating-with-customers-aws-accounts/
#aws