🔶 Industrial IAM Service Role Creation
A guide to tools for creating AWS IAM service roles.
https://ramimac.me/iam-service-roles
#aws
❤3🔥1😱1
🔶 My Methodology to AWS Detection Engineering (Part 1: Object Selection)
This article outlines a methodology for AWS detection engineering, focusing on understanding AWS services, identifying potential threats, and developing effective detection strategies using CloudTrail logs and other AWS-native tools.
https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection-engineering-part-1.html
#aws
👍4❤2🔥2
🔶 My Methodology to AWS Detection Engineering (Part 2: Risk Assignment)
Post focusing on the key components that make up the risk assignment rule.
https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection.html
#aws
🔥4👍2❤1
🔴 Announcing Terraform Google Provider 6.0.0
Key changes in Terraform Google Provider 6.0.0, including opt-out default labels, deletion protection for resources, and longer name prefixes.
https://cloud.google.com/blog/products/management-tools/announcing-terraform-google-provider-6-0-0/
#gcp
👍4❤1🔥1
🔶 What's the worst place to leave your secrets?
Research into what happens to AWS credentials that are left in public places.
https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/
#aws
👍4❤1🔥1
🔶 Achieving Zero Trust Security on Amazon EKS with Istio
Post covering Istio's security mechanisms, which allow you to implement a true zero trust security architecture on Amazon EKS.
https://aws.amazon.com/ru/blogs/opensource/achieving-zero-trust-security-on-amazon-eks-with-istio/
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🔶 Automatically replicate your card payment keys across AWS Regions
A cross-Region replication (CRR) solution for card payment keys, with a specific focus on AWS Payment Cryptography.
https://aws.amazon.com/ru/blogs/security/automatically-replicate-your-card-payment-keys-across-aws-regions/
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🔴 Instant snapshots: protect Compute Engine workloads from errors and corruption
Compute Engine instant snapshots provide near-instantaneous, high-frequency, point-in-time disk checkpoints that you can rapidly restore if needed.
https://cloud.google.com/blog/products/compute/introducing-compute-engine-instant-snapshots
#gcp
❤2👍2🔥1
EclecticIQ analysts discovered ransomware operations by SCATTERED SPIDER targeting cloud infrastructures within the insurance and financial sectors.
https://blog.eclecticiq.com/ransomware-in-the-cloud-scattered-spider-targeting-insurance-and-financial-industries
#azure
👍4❤1🔥1
🔶 CloudGoat Official Walkthrough Series: glue_privesc
This blog post walks through one of the newest CloudGoat scenarios, glue_privesc, where you will attempt to move through an AWS environment and perform privilege escalation against the Glue service in order to capture the flag.
https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/
#aws
👍6❤1🔥1
This article discusses how attackers can exploit Microsoft applications to gain unauthorized privilege elevation in Active Directory environments, highlighting risks and providing mitigation strategies for administrators to protect against such threats.
https://www.semperis.com/blog/unoauthorized-privilege-elevation-through-microsoft-applications/
#azure
👍2🔥2❤1
🔶 A SaaS provider's guide to securely integrating with customers' AWS accounts
An opinionated guide on best practices that these vendors should follow to ensure an appropriate level of security when integrating with customers' AWS environments.
https://securitylabs.datadoghq.com/articles/securely-integrating-with-customers-aws-accounts/
#aws
👍2❤1🔥1
🔶 Hacking misconfigured AWS S3 buckets: A complete guide
Some of the most common security misconfigurations in AWS S3 buckets.
https://blog.intigriti.com/hacking-tools/hacking-misconfigured-aws-s3-buckets-a-complete-guide
#aws
👍2❤1🔥1
🔶🔷🔴 Cloud Logging Tips and Tricks
Post which reviews different log types and unveils some tricks to optimize logging configuration without straining budgets.
https://www.wiz.io/blog/cloud-logging-tips-and-tricks
#aws #azure #gcp
👍3❤1🔥1
When users create a private fork of a public repository and then commit data to the private fork, all of their private commits are publicly visible.
https://trufflesecurity.com/blog/you-can-access-private-azure-devops-repo-data
#azure
❤2👍2🔥1
🔴 Transitive Access Abuse - Data Exfiltration via Document AI
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project and write to an attacker-controlled location.
https://www.vectra.ai/blog/transitive-access-abuse-data-exfiltration-via-document-ai
#gcp
👍3❤1🔥1
AUs are a useful method for creating scoped Entra ID role assignments. However, this scoping also offers juicy new methods for anyone looking to persist quietly in an Azure tenant.
https://securitylabs.datadoghq.com/articles/abusing-entra-id-administrative-units/
#azure
🔥4❤1👍1
🔶 A few notes on AWS Nitro Enclaves: Attack surface
Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.
https://blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/
#aws
👍4❤2🔥1
This article explores techniques for backdooring Azure Automation Account packages and runtime environments. It covers creating malicious packages, exploiting package dependencies, and manipulating runtime environments to gain persistent access and execute arbitrary code within Azure Automation Accounts.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/backdooring-azure-automation-account-packages-and-runtime-environments/
#azure
👍3❤1🔥1
🔶 Gaining AWS Persistence by Updating a SAML Identity Provider
If an attacker has permissions to replace the metadata, they can add a metadata document from an IdP they control. After doing this, they'll be able to assume the roles that trust this identity provider.
https://medium.com/@adan.alvarez/gaining-aws-persistence-by-updating-a-saml-identity-provider-ef57ebdc8db5
#aws
👍3🔥2❤1
🔴 CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
Tenable Research discovered a remote code execution (RCE) vulnerability in GCP that could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool.
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
#gcp
🔥3❤1👍1