🔶 AWS Authentication: Principals in AWS IAM
Newcomers to AWS can sometimes get confused by what it means to have AWS credentials. This article aims to explain the basics of AWS authentication, that is, the way you gain an identity that you can use to access AWS services.
https://ben11kehoe.medium.com/principals-in-aws-iam-38c4a3dc322a
#aws
🔷 Agent Exposes Azure Customers To Unauthorized Code Execution
Azure customers on Linux machines - which account for over half of all Azure instances according to Microsoft - are at risk if they use any of the services relying on OMI (Open Management Infrastructure), a Windows Management Infrastructure (WMI) for UNIX/Linux systems. The RCE is the simplest RCE you can ever imagine: simply remove the auth header and you are root. This Twitter thread is also useful to understand the impact of this flaw.
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
#azure
Twitter
Kevin Beaumont
Microsoft Azure silently install management agents on your Linux VMs, which now have RCE and LPE vulns. Microsoft don’t have an auto update mechanism, so now you need to manually upgrade the agents you didn’t know existed as you didn’t install them. wiz.io/blog/secret…
🔶 IAM Vulnerable - An AWS IAM Privilege Escalation Playground
The IAM Vulnerable tool helps you learn how to identify and then exploit intentionally vulnerable IAM configurations that allow for privilege escalation.
https://labs.bishopfox.com/tech-blog/iam-vulnerable-an-aws-iam-privilege-escalation-playground
#aws
🔶 AWS federation comes to GitHub Actions
GitHub Actions has a new functionality that can vend OpenID Connect credentials to jobs running on the platform. This is very exciting for AWS account administrators as it means that CI/CD jobs no longer need any long-term secrets to be stored in GitHub.
https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html
#aws
🔶 CVE-2021-38112: AWS WorkSpaces Remote Code Execution
A vulnerability in the AWS WorkSpaces desktop client (CVE-2021-38112) allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser.
https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/
#aws
🔷 Escalating Azure Privileges with the Log Analytics Contributor Role
A (now fixed) privilege escalation that allowed an Azure AD user to escalate from the Log Analytics Contributor role to a full Subscription Contributor role.
https://www.netspi.com/blog/technical/cloud-penetration-testing/escalating-azure-privileges-with-the-log-analystics-contributor-role/
#azure
🔶 Revisiting Lambda Persistence
From an attacker's perspective, serverless environments are a very different target when compared with their traditional server-based counterparts. Even gaining remote code execution, which would normally spur a race to escalate privileges, has a very different connotation.
https://frichetten.com/blog/revisiting_lambda_persistence/
#aws
🔷 10 Common Security Issues when Migrating from On Premises to Azure
This article is focused on the security risks involved in a cloud migration, and provides a compilation of common security anti-patterns and best practices for architects only familiar with traditional on-premise data centers to follow.
https://www.praetorian.com/blog/migrating-to-azure/
#azure
🔶 Control The Blast Radius Of Your Lambda Functions With An IAM Permissions Boundary
A great benefit of building Lambda-based applications is that the security best practice of least privilege can be applied at a very granular level, the individual Lambda function.
https://www.iampulse.com/t/control-the-blast-radius-of-your-lambda-functions-with-an-iam-permissions-boundary
#aws
🔷 It's tough being an Azure fan
Even as a user and somewhat of a fan of the Azure technology, it is proving increasingly difficult to recommend.
https://alexhudson.com/2021/09/17/its-tough-being-an-azure-fan/
#azure
🔶 Securely Decoupling Kubernetes-based Applications on Amazon EKS using Kafka with SASL/SCRAM
Post exploring a Go-based application deployed to Kubernetes using Amazon EKS. The microservices that comprise the application communicate asynchronously by producing and consuming events from Amazon Managed Streaming for Apache Kafka (Amazon MSK).
https://itnext.io/securely-decoupling-applications-on-amazon-eks-using-kafka-with-sasl-scram-48c340e1ffe9
#aws
🔶 Announcing Terraform AWS Cloud Control Provider Tech Preview
A new provider for Terraform, built around the AWS Cloud Control API, is designed to bring new services to Terraform faster.
https://www.hashicorp.com/blog/announcing-terraform-aws-cloud-control-provider-tech-preview
#aws
🔴 Improve your security posture with new Overly Permissive Firewall Rule Insights
Google introduced a new module within Firewall Insights called "Overly Permissive Firewall Rule Insights", which allows customers to rely on GCP to automatically analyze massive amounts of firewall logs and generate easy-to-understand insights and recommendations to help them optimize their firewall configurations and improve their network security posture.
https://cloud.google.com/blog/products/gcp/use-firewall-insights-to-improve-security-posture
#gcp
🔷 Azure Security Roadmap
What do you do when you're handed a pile of new-to-you Azure accounts to secure?
https://www.coffeehousecoders.org/blog/azure_security_roadmap.html
#azure
🔶 Serverless Policy Enforcement: Connecting OPA and AWS Lambda
Recent updates to the Open Policy Agent (OPA) project aim to better integrate OPA with serverless architectures and other infrastructure with intermittent compute.
https://blog.openpolicyagent.org/serverless-policy-enforcement-connecting-opa-and-aws-lambda-e624f7176a3
#aws
🔴 Org Policies by default
An opinionated list of common organization policies you should use in Google Cloud.
https://medium.com/google-cloud/org-policies-by-default-3adc0c8925b0
#gcp
🔷 Azure Service Authentication and Authorization table
A table for reviewing service authentication and authorization security in Azure, especially cross-service security.
https://github.com/jsa2/aad-auth-n-z
#azure
🔴 Scaling Kubernetes Tenant Management with Hierarchical Namespaces Controller
Post explaining details of Mercari's multitenant Kubernetes architecture, and the issues they faced while migrating from on-premise deployments to containers on GCP by using Google Kubernetes Engine (GKE).
https://engineering.mercari.com/blog/entry/20210930-scaling-kubernetes-tenant-management-with-hierarchical-namespaces-controller/
#gcp
🔶 AWS WAF's Dangerous Defaults
AWS WAF's defaults make bypassing trivial in POST requests, even when you enable the AWS Managed Rules.
https://osamaelnaggar.com/blog/aws_waf_dangerous_defaults/
#aws
🔷 Azure Privilege Escalation via Service Principal Abuse
Post explaining how to abuse Service Principals to escalate rights in Azure and how to protect yourself against it.
https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
#azure
🔴 VPC Service Controls in Plain English
GCP offers powerful security controls to mitigate API-based data exfiltration called VPC Service Controls. To execute a successful and secure cloud architecture with VPC Service Controls, it is important to understand exactly how they work.
https://scalesec.com/blog/vpc-service-controls-in-plain-english/
#gcp