🔶 Using CloudTrail to identify unexpected behaviors in individual workloads
A practical approach that you can use to detect anomalous behaviors within AWS workloads by using behavioral analysis techniques that can be used to augment existing threat detection solutions.
https://aws.amazon.com/ru/blogs/security/using-cloudtrail-to-identify-unexpected-behaviors-in-individual-workloads/
#aws
A practical approach that you can use to detect anomalous behaviors within AWS workloads by using behavioral analysis techniques that can be used to augment existing threat detection solutions.
https://aws.amazon.com/ru/blogs/security/using-cloudtrail-to-identify-unexpected-behaviors-in-individual-workloads/
#aws
Amazon
Using CloudTrail to identify unexpected behaviors in individual workloads | Amazon Web Services
In this post, we describe a practical approach that you can use to detect anomalous behaviors within Amazon Web Services (AWS) cloud workloads by using behavioral analysis techniques that can be used to augment existing threat detection solutions. Anomaly…
🙂 Dear friends,
Happy New Year 2022! 🎅
We wish you personal and career success. Stay with us. Next year we will continue to delight you with only high-quality content!
#HappyNewYear
Happy New Year 2022! 🎅
We wish you personal and career success. Stay with us. Next year we will continue to delight you with only high-quality content!
#HappyNewYear
🔷 NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
Another vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories.
https://blog.wiz.io/azure-app-service-source-code-leak/
#azure
Another vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories.
https://blog.wiz.io/azure-app-service-source-code-leak/
#azure
wiz.io
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories | Wiz Blog
Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories.
🔴 Cloud-Native Ransomware Protection in GCP
The five pillars of the NIST CSF help create a layered security approach to the fight against ransomware.
https://scalesec.com/blog/cloud-native-ransomware-protection-gcp/
#gcp
The five pillars of the NIST CSF help create a layered security approach to the fight against ransomware.
https://scalesec.com/blog/cloud-native-ransomware-protection-gcp/
#gcp
Scalesec
Cloud-Native Ransomware Protection in GCP | ScaleSec
GCP Cloud-Native way to fend off ransomware.
🔶 Get Email Notification On AWS IAM User Creation
Example CloudWatch rule and Lambda function to send an email via SES whenever an IAM user is created.
https://www.iampulse.com/t/get-email-notification-on-aws-iam-user-creation
#aws
Example CloudWatch rule and Lambda function to send an email via SES whenever an IAM user is created.
https://www.iampulse.com/t/get-email-notification-on-aws-iam-user-creation
#aws
🔷 Azure AD & IAM (Part II) ' Leveraging Managed Identities For Privilege Escalation
How to escalate privileges in Azure from low-privileged users to managed-identities.
https://orca.security/resources/blog/azure-ad-iam-part-ii-leveraging-managed-identities-for-privilege-escalation/
#azure
How to escalate privileges in Azure from low-privileged users to managed-identities.
https://orca.security/resources/blog/azure-ad-iam-part-ii-leveraging-managed-identities-for-privilege-escalation/
#azure
Orca Security
Azure AD & IAM (Part II) - Managed Identities - Orca Security
In the second part of the Orca blog post series about Azure AD and IAM, we share our research on leveraging managed identities for privilege escalation.
🔴 Impersonate the Cloud: Running your app locally as if you were on Google Cloud
Some ways to securely run an app locally with the exact same context as on Google Cloud.
https://www.iampulse.com/t/impersonate-the-cloud-running-your-app-locally-as-if-you-were-on-google-cloud
#gcp
Some ways to securely run an app locally with the exact same context as on Google Cloud.
https://www.iampulse.com/t/impersonate-the-cloud-running-your-app-locally-as-if-you-were-on-google-cloud
#gcp
🔶 2 Critical Cloud Vulnerabilities to Convince You to Move to the Cloud
The Orca Security Research Team wrote about 2 critical zero-day vulnerabilities affecting AWS: Superglue and BreakingFormation. These vulnerabilities could've allowed unauthorized access to customer data and/or sensitive code and data within AWS.
https://orca.security/resources/blog/two-critical-cloud-vulnerabilities/
#aws
The Orca Security Research Team wrote about 2 critical zero-day vulnerabilities affecting AWS: Superglue and BreakingFormation. These vulnerabilities could've allowed unauthorized access to customer data and/or sensitive code and data within AWS.
https://orca.security/resources/blog/two-critical-cloud-vulnerabilities/
#aws
Orca Security
Superglue: AWS Glue Vulnerability | Orca Research Pod
Orca's Team discovered a vulnerability in AWS Glue, named Superglue, that could allow an actor to create resources and access data of AWS Glue customers.
🔷 Persistence with Azure Policy Guest Configuration
Use Azure Policy Guest Configuration to gain persistence in your target environment and how to detect such an attack as a defender.
https://cloudbrothers.info/en/azure-persistence-azure-policy-guest-configuration/
#azure
Use Azure Policy Guest Configuration to gain persistence in your target environment and how to detect such an attack as a defender.
https://cloudbrothers.info/en/azure-persistence-azure-policy-guest-configuration/
#azure
🔶 Recover your AWS account via Customer Support
A Twitter thread on how to get AWS Customer Support to remove MFA from your root account.
https://twitter.com/jrhunt/status/1478935811336798211?s=12
#aws
A Twitter thread on how to get AWS Customer Support to remove MFA from your root account.
https://twitter.com/jrhunt/status/1478935811336798211?s=12
#aws
Twitter
Randall Hunt
This is a funny story/thread about getting the MFA removed from my root AWS account from 2008. I no longer had access to the phone number on the account but I still had a working IAM user and still had access to the email. You can recover by getting some…
🔶 Implementing a Vulnerable AWS DevOps Environment as a CloudGoat Scenario
A vulnerable "modern AWS DevOps environment" with an API, simulated user activity, and a continuous deployment pipeline.
https://blog.christophetd.fr/implementing-a-vulnerable-aws-devops-environment-as-a-cloudgoat-scenario/
#aws
A vulnerable "modern AWS DevOps environment" with an API, simulated user activity, and a continuous deployment pipeline.
https://blog.christophetd.fr/implementing-a-vulnerable-aws-devops-environment-as-a-cloudgoat-scenario/
#aws
Christophe Tafani-Dereeper
Implementing a Vulnerable AWS DevOps Environment as a CloudGoat Scenario - Christophe Tafani-Dereeper
I’m a huge fan of disposable security labs, both for offensive and defensive purposes (see: Automating the provisioning of Active Directory labs in Azure). After writing Cloud Security Breaches and Vulnerabilities: 2021 in Review, I wanted to build a “purposely…
🔴 Geofencing a Globally Load Balanced service on GCP using Cloud Armor
How to use Cloud Armor to geofence a website/service running on GCP using Cloud Run, Google Cloud Storage (GCS) and the Global HTTP(S) Load Balancer.
https://medium.com/google-cloud/geofencing-a-globally-load-balanced-service-on-gcp-using-cloud-armor-44099480fd00
#gcp
How to use Cloud Armor to geofence a website/service running on GCP using Cloud Run, Google Cloud Storage (GCS) and the Global HTTP(S) Load Balancer.
https://medium.com/google-cloud/geofencing-a-globally-load-balanced-service-on-gcp-using-cloud-armor-44099480fd00
#gcp
🔶 Vulnerable AWS Lambda function - Initial access in cloud attacks
How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks.
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
#aws
How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks.
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
#aws
Sysdig
Lambda Threat – Best Practices for Lambda Security | Sysdig
The security research team explains the attack scenario with a vulnerable AWS Lambda function could be a threat used by attackers.
🔴 Creating your first GCP Organization
A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP.
https://www.chrisfarris.com/post/gcp-create-domain/
#gcp
A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP.
https://www.chrisfarris.com/post/gcp-create-domain/
#gcp
https://www.chrisfarris.com/
Creating your first GCP Organization - Chris Farris
A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP.
🔶 GitHub Actions - Update on OIDC based deployments to AWS
If you use OIDC to deploy from Github Action to AWS, update the trusted thumbprint!
https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/
#aws
If you use OIDC to deploy from Github Action to AWS, update the trusted thumbprint!
https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/
#aws
🔶 Top 10 security best practices for securing backups in AWS
This post will guide you through a curated list of the top ten security best practices to secure your backup data and operations in AWS.
https://aws.amazon.com/ru/blogs/security/top-10-security-best-practices-for-securing-backups-in-aws/
#aws
This post will guide you through a curated list of the top ten security best practices to secure your backup data and operations in AWS.
https://aws.amazon.com/ru/blogs/security/top-10-security-best-practices-for-securing-backups-in-aws/
#aws
Amazon
Top 10 security best practices for securing backups in AWS | Amazon Web Services
Security is a shared responsibility between AWS and the customer. Customers have asked for ways to secure their backups in AWS. This post will guide you through a curated list of the top ten security best practices to secure your backup data and operations…
🔶 How I Discovered Thousands of Open Databases on AWS
A writeup describing the journey on finding and reporting databases with sensitive data about Fortune-500 companies, hospitals, crypto platforms, startups, and more.
https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32
#aws
A writeup describing the journey on finding and reporting databases with sensitive data about Fortune-500 companies, hospitals, crypto platforms, startups, and more.
https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32
#aws
Medium
How I Discovered Thousands of Open Databases on AWS
My journey on finding and reporting databases with sensitive data about Fortune-500 companies, Hospitals, Crypto platforms, Startups during…
🔶 Catalog of AWS Customer Security Incidents
This repository seeks to index all publicly disclosed AWS customer security incidents with a known root cause.
https://github.com/ramimac/aws-customer-security-incidents
#aws
This repository seeks to index all publicly disclosed AWS customer security incidents with a known root cause.
https://github.com/ramimac/aws-customer-security-incidents
#aws
GitHub
GitHub - ramimac/aws-customer-security-incidents: A repository of breaches of AWS customers
A repository of breaches of AWS customers. Contribute to ramimac/aws-customer-security-incidents development by creating an account on GitHub.
🔶 Kubernetes protection in Amazon GuardDuty
GuardDuty can now monitor Kubernetes clusters within your AWS environment.
https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html
#aws
GuardDuty can now monitor Kubernetes clusters within your AWS environment.
https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html
#aws
Amazon
GuardDuty EKS Protection - Amazon GuardDuty
Learn how GuardDuty can monitor EKS clusters within your AWS environment.
🔶 Why you need to update your risky default EMR managed roles and policies
Post examining EMR's default roles and managed policies to understand if they follow security best practices of least privileges.
https://blog.lightspin.io/why-update-risky-default-emr-managed-roles-and-policies
#aws
Post examining EMR's default roles and managed policies to understand if they follow security best practices of least privileges.
https://blog.lightspin.io/why-update-risky-default-emr-managed-roles-and-policies
#aws
blog.lightspin.io
Why you need to update your risky default EMR managed roles and policies
In this blog we examine EMR's default roles and managed policies to understand if they follow security best practices of least privileges.
🔶 Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM
How to get authentication working correctly in EKS from the beginning.
https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM
#aws
How to get authentication working correctly in EKS from the beginning.
https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM
#aws
Nextlinklabs
Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM | NextLink Labs
Deploying a shiny new EKS cluster running the latest version of Kubernetes isn’t the hardest task in the world. On the other hand, setting up the authentic