CloudSec Wine
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔴 Automate Your Security in GCP with Serverless Computing

Talk exploring serverless open source tools and other cloud-native options that allow you to automate your cloud security without the need for human interaction.

https://youtu.be/jCQTeglIfeI

#gcp
🔷 Coordinated disclosure of vulnerability in Azure Container Instances Service

Microsoft recently mitigated a vulnerability reported by a security researcher in Azure Container Instances (ACI) that could potentially allow a user to access other customers' information in the ACI service. Microsoft's investigation surfaced no unauthorized access to customer data. You can also check the original post disclosing the vulnerability and another that explains what to do to address it.

https://msrc-blog.microsoft.com/2021/09/08/coordinated-disclosure-of-vulnerability-in-azure-container-instances-service/

#azure
🔴 Bypassing GCP Org Policy with Custom Metadata

Google makes use of custom metadata to authorize access to AI Notebooks and their web UIs. Individuals granted access via custom metadata need not have any IAM permissions on the compute instance, on the service account running the Notebook or even be a member of the Organization. This kind of authorization bypasses a specific Organization Policy Constraint which restricts cross-domain resource sharing.

https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html

#gcp
🔶 AWS Authentication: Principals in AWS IAM

Newcomers to AWS can sometimes get confused by what it means to have AWS credentials. This article aims to explain the basics of AWS authentication, that is, the way you gain an identity that you can use to access AWS services.

https://ben11kehoe.medium.com/principals-in-aws-iam-38c4a3dc322a

#aws
🔷 Agent Exposes Azure Customers To Unauthorized Code Execution

Azure customers on Linux machines - which account for over half of all Azure instances according to Microsoft - are at risk if they use any of the services relying on OMI (Open Management Infrastructure), a Windows Management Infrastructure (WMI) for UNIX/Linux systems. The RCE is the simplest RCE you can ever imagine: simply remove the auth header and you are root. This Twitter thread is also useful to understand the impact of this flaw.

https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution

#azure
🔶 IAM Vulnerable - An AWS IAM Privilege Escalation Playground

The IAM Vulnerable tool helps you learn how to identify and then exploit intentionally vulnerable IAM configurations that allow for privilege escalation.

https://labs.bishopfox.com/tech-blog/iam-vulnerable-an-aws-iam-privilege-escalation-playground

#aws
🔶 AWS federation comes to GitHub Actions

GitHub Actions has a new functionality that can vend OpenID Connect credentials to jobs running on the platform. This is very exciting for AWS account administrators as it means that CI/CD jobs no longer need any long-term secrets to be stored in GitHub.

https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html

#aws
🔶 CVE-2021-38112: AWS WorkSpaces Remote Code Execution

A vulnerability in the AWS WorkSpaces desktop client (CVE-2021-38112) allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser.

https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/

#aws
🔷 Escalating Azure Privileges with the Log Analytics Contributor Role

A (now fixed) privilege escalation that allowed an Azure AD user to escalate from the Log Analytics Contributor role to a full Subscription Contributor role.

https://www.netspi.com/blog/technical/cloud-penetration-testing/escalating-azure-privileges-with-the-log-analystics-contributor-role/

#azure
🔶 Revisiting Lambda Persistence

For an attacker, serverless environments are a very different target when compared with their traditional server-based counterparts. Even gaining remote code execution, which would normally spur a race to escalate privileges, has a very different connotation.

https://frichetten.com/blog/revisiting_lambda_persistence/

#aws
🔷 10 Common Security Issues when Migrating from On Premises to Azure

This article is focused on the security risks involved in a cloud migration, and provides a compilation of common security anti-patterns and best practices for architects only familiar with traditional on-premises data centers to follow.

https://www.praetorian.com/blog/migrating-to-azure/

#azure
🔶 Control The Blast Radius Of Your Lambda Functions With An IAM Permissions Boundary

A great benefit of building Lambda-based applications is that the security best practice of least privilege can be applied at a very granular level, the individual Lambda function.

https://www.iampulse.com/t/control-the-blast-radius-of-your-lambda-functions-with-an-iam-permissions-boundary

#aws
🔶 Securely Decoupling Kubernetes-based Applications on Amazon EKS using Kafka with SASL/SCRAM

Post exploring a Go-based application deployed to Kubernetes using Amazon EKS. The microservices that comprise the application communicate asynchronously by producing and consuming events from Amazon Managed Streaming for Apache Kafka (Amazon MSK).

https://itnext.io/securely-decoupling-applications-on-amazon-eks-using-kafka-with-sasl-scram-48c340e1ffe9

#aws
🔴 Improve your security posture with new Overly Permissive Firewall Rule Insights

Google introduced a new module within Firewall Insights called "Overly Permissive Firewall Rule Insights", which allows customers to rely on GCP to automatically analyze massive amounts of firewall logs and generate easy-to-understand insights and recommendations to help them optimize their firewall configurations and improve their network security posture.

https://cloud.google.com/blog/products/gcp/use-firewall-insights-to-improve-security-posture

#gcp
🔷 Azure Security Roadmap

What do you do when you're handed a pile of new-to-you Azure accounts to secure?

https://www.coffeehousecoders.org/blog/azure_security_roadmap.html

#azure
🔶 Serverless Policy Enforcement: Connecting OPA and AWS Lambda

Recent updates to the project aim to better integrate OPA with serverless architectures and other infrastructure with intermittent compute.

https://blog.openpolicyagent.org/serverless-policy-enforcement-connecting-opa-and-aws-lambda-e624f7176a3

#aws
🔷 Azure Service Authentication and Authorization table

A table for reviewing service authentication and authorization security in Azure, especially cross-service security.

https://github.com/jsa2/aad-auth-n-z

#azure