A Python reconnaissance tool designed to discover Azure services and attribute tenant ownership information based on their responses.
https://github.com/NetSPI/ATEAM
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 boto3-refresh-session
A simple Python package for refreshing AWS temporary credentials in boto3 automatically
https://github.com/michaelthomasletts/boto3-refresh-session
#aws
A simple Python package for refreshing AWS temporary credentials in boto3 automatically
https://github.com/michaelthomasletts/boto3-refresh-session
#aws
❤1👍1🔥1
🔶🔷🔴 Dear, cloud family!
Wishing you a New Year filled with innovative solutions, seamless deployments, and sky‑high success! May your cloud infrastructure be always resilient and your downtime — zero. Happy New Year 2026!
We'll be taking a short break and returning in a few days to bring you new, professional content.
#HappyNewYear
Wishing you a New Year filled with innovative solutions, seamless deployments, and sky‑high success! May your cloud infrastructure be always resilient and your downtime — zero. Happy New Year 2026!
We'll be taking a short break and returning in a few days to bring you new, professional content.
#HappyNewYear
❤2👍2🔥1
🔶 What is EC2 Instance Attestation
EC2 Instance Attestation extends attestable scope from Nitro Enclaves' container environment to entire EC2 instances, enabling greater capabilities like GPU access. However, it requires proactive hardening versus Enclaves' secure-by-default design and more complex deployment through Attestable AMIs.
https://blog.richardfan.xyz/2025/12/18/what-is-ec2-instance-attestation.html
#aws
EC2 Instance Attestation extends attestable scope from Nitro Enclaves' container environment to entire EC2 instances, enabling greater capabilities like GPU access. However, it requires proactive hardening versus Enclaves' secure-by-default design and more complex deployment through Attestable AMIs.
https://blog.richardfan.xyz/2025/12/18/what-is-ec2-instance-attestation.html
#aws
🔥2❤1👍1
Vulnerable SaaS apps could enable attackers to pivot back into Microsoft 365, endangering your entire Microsoft 365 estate.
https://www.semperis.com/blog/noauth-abuse-update-pivot-into-microsoft-365/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1
The cookie crumbled when it expired, but the attack path didn't. Learn how BloodHound graph analysis and Azure Seamless SSO enabled pivoting into the cloud.
https://specterops.io/blog/2025/12/11/azure-seamless-sso-when-cookie-theft-doesnt-cut-it/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2❤1👍1
🔶 BadPods Series: Everything Allowed on AWS EKS
How to exploit misconfigured Kubernetes pods on AWS EKS using BishopFox's BadPods "everything-allowed" manifest. Shows container escape via chroot, lateral movement using nsenter, and cloud credential theft via IMDS.
https://cybersecnerds.com/badpods-series-everything-allowed-on-aws-eks/
#aws
How to exploit misconfigured Kubernetes pods on AWS EKS using BishopFox's BadPods "everything-allowed" manifest. Shows container escape via chroot, lateral movement using nsenter, and cloud credential theft via IMDS.
https://cybersecnerds.com/badpods-series-everything-allowed-on-aws-eks/
#aws
❤1👍1🔥1
🔶 pathfinding cloud
An AWS IAM Privilege Escalation Path Library. You can also refer to the companion blog post.
https://github.com/DataDog/pathfinding.cloud
#aws
An AWS IAM Privilege Escalation Path Library. You can also refer to the companion blog post.
https://github.com/DataDog/pathfinding.cloud
#aws
❤1👍1🔥1
🔶 Unauthenticated Cluster Takeover in AWS ROSA
A critical vulnerability in AWS ROSA Classic allowed unauthenticated attackers to discover clusters via Certificate Transparency logs, extract cluster UUIDs and owner emails from unauthenticated endpoints, initiate unauthorized cluster transfers, and escalate to AWS account access through ROSA's IAM roles.
https://blog.ryanjarv.sh/2026/01/05/unauth-aws-rosa-cluster-takeover.html
(Use VPN to open from Russia)
#aws
A critical vulnerability in AWS ROSA Classic allowed unauthenticated attackers to discover clusters via Certificate Transparency logs, extract cluster UUIDs and owner emails from unauthenticated endpoints, initiate unauthorized cluster transfers, and escalate to AWS account access through ROSA's IAM roles.
https://blog.ryanjarv.sh/2026/01/05/unauth-aws-rosa-cluster-takeover.html
(Use VPN to open from Russia)
#aws
❤2👍1🔥1
⚙ A Brief Deep-Dive into Attacking and Defending Kubernetes
This article covers Kubernetes attack and defense techniques. Explores Kubernetes components (API Server, ETCD, kubelet), attack vectors including unauthenticated API access, RBAC misconfigurations, ServiceAccount token abuse, malicious admission controllers, CoreDNS poisoning, writable volume mounts, ETCD compromise, and certificate authority exploitation.
https://heilancoos.github.io/research/2025/12/16/kubernetes.html
#kubernetes
This article covers Kubernetes attack and defense techniques. Explores Kubernetes components (API Server, ETCD, kubelet), attack vectors including unauthenticated API access, RBAC misconfigurations, ServiceAccount token abuse, malicious admission controllers, CoreDNS poisoning, writable volume mounts, ETCD compromise, and certificate authority exploitation.
https://heilancoos.github.io/research/2025/12/16/kubernetes.html
#kubernetes
❤1👍1🔥1
⚙ Kubernetes v1.35: Restricting executables invoked by kubeconfigs via exec plugin allowList added to kuberc
Kubernetes v1.35 introduces beta support for restricting credential plugin executables via kuberc configuration. Users can set "credentialPluginPolicy" to AllowAll, DenyAll, or Allowlist, with an optional "credentialPluginAllowlist" to specify permitted binaries, enhancing security against supply-chain attacks.
https://kubernetes.io/blog/2026/01/09/kubernetes-v1-35-kuberc-credential-plugin-allowlist/
#kubernetes
Kubernetes v1.35 introduces beta support for restricting credential plugin executables via kuberc configuration. Users can set "credentialPluginPolicy" to AllowAll, DenyAll, or Allowlist, with an optional "credentialPluginAllowlist" to specify permitted binaries, enhancing security against supply-chain attacks.
https://kubernetes.io/blog/2026/01/09/kubernetes-v1-35-kuberc-credential-plugin-allowlist/
#kubernetes
❤1👍1🔥1
Kubernetes 1.35 introduces beta support for CSI drivers to receive service account tokens via the "secrets" field instead of "volume_context", preventing accidental token logging.
https://kubernetes.io/blog/2026/01/07/kubernetes-v1-35-csi-sa-tokens-secrets-field-beta/
#kubernetes
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1