🔶 What's the worst place to leave your secrets?
A research into what happens to AWS credentials that are left in public places.
https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/
#aws
A research into what happens to AWS credentials that are left in public places.
https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/
#aws
👍4❤1🔥1
🔶 Achieving Zero Trust Security on Amazon EKS with Istio
Post covering Istio's security mechanisms, which allows to implement a true zero trust security architecture on Amazon EKS.
https://aws.amazon.com/ru/blogs/opensource/achieving-zero-trust-security-on-amazon-eks-with-istio/
(Use VPN to open from Russia)
#aws
Post covering Istio's security mechanisms, which allows to implement a true zero trust security architecture on Amazon EKS.
https://aws.amazon.com/ru/blogs/opensource/achieving-zero-trust-security-on-amazon-eks-with-istio/
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🔶 Automatically replicate your card payment keys across AWS Regions
A cross-Region replication (CRR) solution for card payment keys, with a specific focus on AWS Payment Cryptography.
https://aws.amazon.com/ru/blogs/security/automatically-replicate-your-card-payment-keys-across-aws-regions/
(Use VPN to open from Russia)
#aws
A cross-Region replication (CRR) solution for card payment keys, with a specific focus on AWS Payment Cryptography.
https://aws.amazon.com/ru/blogs/security/automatically-replicate-your-card-payment-keys-across-aws-regions/
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🔴 Instant snapshots: protect Compute Engine workloads from errors and corruption
Compute Engine instant snapshots provide near-instantaneous, high-frequency, point-in-time disk checkpoints that you can rapidly restore if needed.
https://cloud.google.com/blog/products/compute/introducing-compute-engine-instant-snapshots
#gcp
Compute Engine instant snapshots provide near-instantaneous, high-frequency, point-in-time disk checkpoints that you can rapidly restore if needed.
https://cloud.google.com/blog/products/compute/introducing-compute-engine-instant-snapshots
#gcp
❤2👍2🔥1
EclecticIQ analysts discovered ransomware operations by SCATTERED SPIDER targeting cloud infrastructures within the insurance and financial sectors.
https://blog.eclecticiq.com/ransomware-in-the-cloud-scattered-spider-targeting-insurance-and-financial-industries
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4❤1🔥1
🔶 CloudGoat Official Walkthrough Series: glue_privesc
This blog post walks through one of the newest CloudGoat scenarios, glue_privesc, where you will attempt to move through an AWS environment and perform privilege escalation against the Glue service in order to capture the flag.
https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/
#aws
This blog post walks through one of the newest CloudGoat scenarios, glue_privesc, where you will attempt to move through an AWS environment and perform privilege escalation against the Glue service in order to capture the flag.
https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/
#aws
👍6❤1🔥1
This article discusses how attackers can exploit Microsoft applications to gain unauthorized privilege elevation in Active Directory environments, highlighting risks and providing mitigation strategies for administrators to protect against such threats.
https://www.semperis.com/blog/unoauthorized-privilege-elevation-through-microsoft-applications/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2🔥2❤1
🔶 A SaaS provider's guide to securely integrating with customers' AWS accounts
An opinionated guide on best practices that these vendors should follow to ensure an appropriate level of security when integrating with customers' AWS environments.
https://securitylabs.datadoghq.com/articles/securely-integrating-with-customers-aws-accounts/
#aws
An opinionated guide on best practices that these vendors should follow to ensure an appropriate level of security when integrating with customers' AWS environments.
https://securitylabs.datadoghq.com/articles/securely-integrating-with-customers-aws-accounts/
#aws
👍2❤1🔥1
🔶 Hacking misconfigured AWS S3 buckets: A complete guide
Some of the most common security misconfigurations in AWS S3 buckets.
https://blog.intigriti.com/hacking-tools/hacking-misconfigured-aws-s3-buckets-a-complete-guide
#aws
Some of the most common security misconfigurations in AWS S3 buckets.
https://blog.intigriti.com/hacking-tools/hacking-misconfigured-aws-s3-buckets-a-complete-guide
#aws
👍2❤1🔥1
🔶🔷🔴 Cloud Logging Tips and Tricks
Post which reviews different log types and unveils some tricks to optimize logging configuration without straining budgets.
https://www.wiz.io/blog/cloud-logging-tips-and-tricks
#aws #azure #gcp
Post which reviews different log types and unveils some tricks to optimize logging configuration without straining budgets.
https://www.wiz.io/blog/cloud-logging-tips-and-tricks
#aws #azure #gcp
👍3❤1🔥1
When users create a private fork of a public repository and then commit data to the private fork, all of their private commits are publicly visible.
https://trufflesecurity.com/blog/you-can-access-private-azure-devops-repo-data
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍2🔥1
🔴 Transitive Access Abuse - Data Exfiltration via Document AI
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project and write to an attacker-controlled location.
https://www.vectra.ai/blog/transitive-access-abuse-data-exfiltration-via-document-ai
#gcp
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project and write to an attacker-controlled location.
https://www.vectra.ai/blog/transitive-access-abuse-data-exfiltration-via-document-ai
#gcp
👍3❤1🔥1
AUs are a useful method for creating scoped Entra ID role assignments. However, this scoping also offers juicy new methods for anyone looking to persist quietly in an Azure tenant.
https://securitylabs.datadoghq.com/articles/abusing-entra-id-administrative-units/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4❤1👍1
🔶 A few notes on AWS Nitro Enclaves: Attack surface
Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.
https://blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/
#aws
Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.
https://blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/
#aws
👍4❤2🔥1
This article explores techniques for backdooring Azure Automation Account packages and runtime environments. It covers creating malicious packages, exploiting package dependencies, and manipulating runtime environments to gain persistent access and execute arbitrary code within Azure Automation Accounts.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/backdooring-azure-automation-account-packages-and-runtime-environments/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3❤1🔥1
🔶 Gaining AWS Persistence by Updating a SAML Identity Provider
If an attacker has permissions to replace the metadata, they can add a metadata document from an IdP they control. After doing this, they'll be able to assume the roles that trust this identity provider.
https://medium.com/@adan.alvarez/gaining-aws-persistence-by-updating-a-saml-identity-provider-ef57ebdc8db5
#aws
If an attacker has permissions to replace the metadata, they can add a metadata document from an IdP they control. After doing this, they'll be able to assume the roles that trust this identity provider.
https://medium.com/@adan.alvarez/gaining-aws-persistence-by-updating-a-saml-identity-provider-ef57ebdc8db5
#aws
👍3🔥2❤1
This media is not supported in your browser
VIEW IN TELEGRAM
🔴 CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
Tenable Research discovered a remote code execution (RCE) vulnerability in GCP that could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool.
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
#gcp
Tenable Research discovered a remote code execution (RCE) vulnerability in GCP that could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool.
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
#gcp
🔥3❤1👍1
🔶 Managing identity source transition for AWS IAM Identity Center
Post walking through the process of switching from one identity source to another and provides sample code that you can use to assist with the transition.
https://aws.amazon.com/ru/blogs/security/managing-identity-source-transition-for-aws-iam-identity-center/
(Use VPN to open from Russia)
#aws
Post walking through the process of switching from one identity source to another and provides sample code that you can use to assist with the transition.
https://aws.amazon.com/ru/blogs/security/managing-identity-source-transition-for-aws-iam-identity-center/
(Use VPN to open from Russia)
#aws
👍3❤1🔥1
🔶 When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
Permiso has found that some attackers are using hijacked LLM infrastructure to power highly inappropriate AI chatbot services.
https://permiso.io/blog/exploiting-hosted-models
#aws
Permiso has found that some attackers are using hijacked LLM infrastructure to power highly inappropriate AI chatbot services.
https://permiso.io/blog/exploiting-hosted-models
#aws
👍3❤1🔥1
🔶 Keep track of AWS user activity with SourceIdentity attribute
How to use the SourceIdentity attribute in STS to trace all user activity in AssumeRole sessions back to corporate identities such as usernames or email addresses.
https://redcanary.com/blog/threat-detection/aws-sourceidentity/
#aws
How to use the SourceIdentity attribute in STS to trace all user activity in AssumeRole sessions back to corporate identities such as usernames or email addresses.
https://redcanary.com/blog/threat-detection/aws-sourceidentity/
#aws
👍4❤1🔥1
🔶 AWS: VPC Flow Logs, NAT Gateways, and Kubernetes Pods - a detailed overview
Post covering what is a NAT Gateway, what are VPC Flow Logs, and how to use them with Kubernetes.
https://itnext.io/aws-vpc-flow-logs-nat-gateways-and-kubernetes-pods-a-detailed-overview-43a6541bcc35
(Use VPN to open from Russia)
#aws
Post covering what is a NAT Gateway, what are VPC Flow Logs, and how to use them with Kubernetes.
https://itnext.io/aws-vpc-flow-logs-nat-gateways-and-kubernetes-pods-a-detailed-overview-43a6541bcc35
(Use VPN to open from Russia)
#aws
👍2❤1🔥1