🔶 Vulnerable AWS Lambda function - Initial access in cloud attacks

How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks.

https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/

#aws

🔴 Creating your first GCP Organization

A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP.

https://www.chrisfarris.com/post/gcp-create-domain/

#gcp

🔶 GitHub Actions - Update on OIDC based deployments to AWS

If you use OIDC to deploy from Github Action to AWS, update the trusted thumbprint!

https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/

#aws

🔶 Top 10 security best practices for securing backups in AWS

This post will guide you through a curated list of the top ten security best practices to secure your backup data and operations in AWS.

https://aws.amazon.com/ru/blogs/security/top-10-security-best-practices-for-securing-backups-in-aws/

#aws

🔶 How I Discovered Thousands of Open Databases on AWS

A writeup describing the journey on finding and reporting databases with sensitive data about Fortune-500 companies, hospitals, crypto platforms, startups, and more.

https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32

#aws

🔶 Catalog of AWS Customer Security Incidents

This repository seeks to index all publicly disclosed AWS customer security incidents with a known root cause.

https://github.com/ramimac/aws-customer-security-incidents

#aws

🔶 Kubernetes protection in Amazon GuardDuty

GuardDuty can now monitor Kubernetes clusters within your AWS environment.

https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html

#aws

🔶 Why you need to update your risky default EMR managed roles and policies

Post examining EMR's default roles and managed policies to understand if they follow security best practices of least privileges.

https://blog.lightspin.io/why-update-risky-default-emr-managed-roles-and-policies

#aws

🔶 Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM

How to get authentication working correctly in EKS from the beginning.

https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM

#aws

🔶 Attack trend alert: AWS-themed credential phishing technique

They're at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users.

https://expel.com/blog/attack-trend-alert-aws-themed-credential-phishing-technique

#aws

🔶 Bypassing the AWS WAF protection with an 8KB bullet

The AWS WAF and Shield service can be used to protect web applications against a lot of different types of attacks. However, it has a limitation on the size of the packet that it can inspect that could result in attackers being able to bypass its protection features.

https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation

#aws

🔴 GCP - Specifying an expiry time for user-managed keys

It is now (finally!) possible to specify a default expiry for service account keys.

https://cloud.google.com/iam/docs/service-accounts#key-expiry

#gcp

🔶 Ransomware-resistant backups with duplicity and AWS S3

Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.

https://www.franzoni.eu/ransomware-resistant-backups

#aws

🔶 AWS IAM: Best practices [Part 1]

Some approaches on how to manage IAM policies at scale, how these approaches/practices will affect access management and how to include these practices in an existing or new setup.

https://www.iampulse.com/articles/aws-iam-best-practices-part-1

#aws

🔷 Understanding and Protecting local authentication for Azure services - Part 1

The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale.

https://davidokeyode.medium.com/understanding-and-protecting-local-authentication-for-azure-services-part-1-e1b308e7b05f

#azure

🔶 A "Safety Net" for AWS Canarytokens

AWS Canarytokens are a low-effort, high-fidelity method to detect attackers who have compromised your infrastructure.

https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html

#aws

🔴 Auditing GKE operations? Configure Data Access audit logs

The GKE Admin Activity logs are missing "get" operations on Secret objects by default. So for example, if you store a service account password in your cluster as a Kubernetes secret, a "kubectl get secret service_account_password -o yaml" will get an attacker the entire secret without logging a single line into the audit logs.

https://padlock.argh.in/2022/02/10/gke-audit.html

#gcp

🔶 Elastic and AWS Serverless Application Repository (SAR)

How to use the Elastic serverless forwarder, that is published in the AWS Serverless Application Repository (SAR), to simplify log ingestion from S3.

https://www.elastic.co/blog/elastic-and-aws-serverless-application-repository-speed-time-to-actionable-insights-with-frictionless-log-ingestion-from-amazon-s3

#aws

🔶 Terraform AWS Provider 4.0 Refactors S3 Bucket Resource

Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource. The list of breaking changes for this release is quite long.

https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource

#aws

🔷 10 ways of gaining control over Azure function Apps

Some techniques for taking over Azure Function Apps.

https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6

#azure

🔶 imdsv2_wall_of_shame

List of vendors that do not allow IMDSv2 enforcement.

https://github.com/SummitRoute/imdsv2_wall_of_shame

#aws