🔶 Kubernetes protection in Amazon GuardDuty
GuardDuty can now monitor Kubernetes clusters within your AWS environment.
https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html
#aws
GuardDuty can now monitor Kubernetes clusters within your AWS environment.
https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html
#aws
Amazon
GuardDuty EKS Protection - Amazon GuardDuty
Learn how GuardDuty can monitor EKS clusters within your AWS environment.
🔶 Why you need to update your risky default EMR managed roles and policies
Post examining EMR's default roles and managed policies to understand if they follow security best practices of least privileges.
https://blog.lightspin.io/why-update-risky-default-emr-managed-roles-and-policies
#aws
Post examining EMR's default roles and managed policies to understand if they follow security best practices of least privileges.
https://blog.lightspin.io/why-update-risky-default-emr-managed-roles-and-policies
#aws
blog.lightspin.io
Why you need to update your risky default EMR managed roles and policies
In this blog we examine EMR's default roles and managed policies to understand if they follow security best practices of least privileges.
🔶 Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM
How to get authentication working correctly in EKS from the beginning.
https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM
#aws
How to get authentication working correctly in EKS from the beginning.
https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM
#aws
Nextlinklabs
Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM | NextLink Labs
Deploying a shiny new EKS cluster running the latest version of Kubernetes isn’t the hardest task in the world. On the other hand, setting up the authentic
🔶 Attack trend alert: AWS-themed credential phishing technique
They're at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users.
https://expel.com/blog/attack-trend-alert-aws-themed-credential-phishing-technique
#aws
They're at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users.
https://expel.com/blog/attack-trend-alert-aws-themed-credential-phishing-technique
#aws
Expel
Attack trend alert: AWS-themed credential phishing technique | Expel
They’re at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users. Find out how our crew identified and triaged a phishing email.
🔶 Bypassing the AWS WAF protection with an 8KB bullet
The AWS WAF and Shield service can be used to protect web applications against a lot of different types of attacks. However, it has a limitation on the size of the packet that it can inspect that could result in attackers being able to bypass its protection features.
https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation
#aws
The AWS WAF and Shield service can be used to protect web applications against a lot of different types of attacks. However, it has a limitation on the size of the packet that it can inspect that could result in attackers being able to bypass its protection features.
https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation
#aws
Kloudle
Find & Fix 350+ security issues in your Cloud with Kloudle.
🔴 GCP - Specifying an expiry time for user-managed keys
It is now (finally!) possible to specify a default expiry for service account keys.
https://cloud.google.com/iam/docs/service-accounts#key-expiry
#gcp
It is now (finally!) possible to specify a default expiry for service account keys.
https://cloud.google.com/iam/docs/service-accounts#key-expiry
#gcp
Google Cloud Documentation
Service accounts overview | Identity and Access Management (IAM) | Google Cloud Documentation
Conceptual and lifecycle information about IAM service accounts.
🔶 Ransomware-resistant backups with duplicity and AWS S3
Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.
https://www.franzoni.eu/ransomware-resistant-backups
#aws
Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.
https://www.franzoni.eu/ransomware-resistant-backups
#aws
Alan's Lair
Ransomware-resistant backups with duplicity and AWS S3
Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.
🔶 AWS IAM: Best practices [Part 1]
Some approaches on how to manage IAM policies at scale, how these approaches/practices will affect access management and how to include these practices in an existing or new setup.
https://www.iampulse.com/articles/aws-iam-best-practices-part-1
#aws
Some approaches on how to manage IAM policies at scale, how these approaches/practices will affect access management and how to include these practices in an existing or new setup.
https://www.iampulse.com/articles/aws-iam-best-practices-part-1
#aws
🔷 Understanding and Protecting local authentication for Azure services - Part 1
The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale.
https://davidokeyode.medium.com/understanding-and-protecting-local-authentication-for-azure-services-part-1-e1b308e7b05f
#azure
The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale.
https://davidokeyode.medium.com/understanding-and-protecting-local-authentication-for-azure-services-part-1-e1b308e7b05f
#azure
Medium
Understanding and Protecting local authentication for Azure services — Part 1
I recently started a series on protecting access in Azure. In a previous post, I covered anonymous access and protecting them. In this…
🔶 A "Safety Net" for AWS Canarytokens
AWS Canarytokens are a low-effort, high-fidelity method to detect attackers who have compromised your infrastructure.
https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html
#aws
AWS Canarytokens are a low-effort, high-fidelity method to detect attackers who have compromised your infrastructure.
https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html
#aws
Thinkst Thoughts
A “Safety Net” for AWS Canarytokens
The AWS API Key Canarytoken (paid and free) is a great way to detect attackers who have compromised your infrastructure. The full details are in a previous blogpost, but in short: You go to and gen…
🔴 Auditing GKE operations? Configure Data Access audit logs
The GKE Admin Activity logs are missing "get" operations on Secret objects by default. So for example, if you store a service account password in your cluster as a Kubernetes secret, a "kubectl get secret service_account_password -o yaml" will get an attacker the entire secret without logging a single line into the audit logs.
https://padlock.argh.in/2022/02/10/gke-audit.html
#gcp
The GKE Admin Activity logs are missing "get" operations on Secret objects by default. So for example, if you store a service account password in your cluster as a Kubernetes secret, a "kubectl get secret service_account_password -o yaml" will get an attacker the entire secret without logging a single line into the audit logs.
https://padlock.argh.in/2022/02/10/gke-audit.html
#gcp
Padlock
Auditing GKE operations? Configure Data Access audit logs
Notes about information security, written by Feroz Salam.
🔶 Elastic and AWS Serverless Application Repository (SAR)
How to use the Elastic serverless forwarder, that is published in the AWS Serverless Application Repository (SAR), to simplify log ingestion from S3.
https://www.elastic.co/blog/elastic-and-aws-serverless-application-repository-speed-time-to-actionable-insights-with-frictionless-log-ingestion-from-amazon-s3
#aws
How to use the Elastic serverless forwarder, that is published in the AWS Serverless Application Repository (SAR), to simplify log ingestion from S3.
https://www.elastic.co/blog/elastic-and-aws-serverless-application-repository-speed-time-to-actionable-insights-with-frictionless-log-ingestion-from-amazon-s3
#aws
🔶 Terraform AWS Provider 4.0 Refactors S3 Bucket Resource
Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource. The list of breaking changes for this release is quite long.
https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource
#aws
Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource. The list of breaking changes for this release is quite long.
https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource
#aws
HashiCorp
Terraform AWS Provider 4.0 Refactors S3 Bucket Resource
Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource.
🔷 10 ways of gaining control over Azure function Apps
Some techniques for taking over Azure Function Apps.
https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6
#azure
Some techniques for taking over Azure Function Apps.
https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6
#azure
Medium
10 ways of gaining control over Azure function Apps
Written by Bill Ben Haim & Zur Ulianitzky — December 20,2021
🔶 imdsv2_wall_of_shame
List of vendors that do not allow IMDSv2 enforcement.
https://github.com/SummitRoute/imdsv2_wall_of_shame
#aws
List of vendors that do not allow IMDSv2 enforcement.
https://github.com/SummitRoute/imdsv2_wall_of_shame
#aws
GitHub
GitHub - SummitRoute/imdsv2_wall_of_shame: List of vendors that do not allow IMDSv2 enforcement
List of vendors that do not allow IMDSv2 enforcement - SummitRoute/imdsv2_wall_of_shame
🔷 Secure Azure Cosmos DB access by using Azure Managed Identities
How to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.
https://itnext.io/secure-azure-cosmos-db-access-by-using-azure-managed-identities-55f9fdf48fda?gi=eec46e048be1
#azure
How to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.
https://itnext.io/secure-azure-cosmos-db-access-by-using-azure-managed-identities-55f9fdf48fda?gi=eec46e048be1
#azure
Medium
Secure Azure Cosmos DB access by using Azure Managed Identities
Learn how to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.
🔶 AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
Free labs, documentation, and diagrams for setting up an environment that is using DevOps technologies and practices for deploying apps and cloud services/cloud infrastructure to AWS, by Mike Levan.
https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
#aws
Free labs, documentation, and diagrams for setting up an environment that is using DevOps technologies and practices for deploying apps and cloud services/cloud infrastructure to AWS, by Mike Levan.
https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
#aws
GitHub
GitHub - AdminTurnedDevOps/DevOps-The-Hard-Way-AWS: This repository contains free labs for setting up an entire workflow and DevOps…
This repository contains free labs for setting up an entire workflow and DevOps environment from a real-world perspective in AWS - AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
🔶 Top 2021 AWS Security service launches security professionals should review - Part 1
An overview of some of the most important 2021 AWS Security launches that security professionals should be aware of.
https://aws.amazon.com/ru/blogs/security/top-2021-aws-security-service-launches-part-1
#aws
An overview of some of the most important 2021 AWS Security launches that security professionals should be aware of.
https://aws.amazon.com/ru/blogs/security/top-2021-aws-security-service-launches-part-1
#aws
Amazon
Top 2021 AWS Security service launches security professionals should review – Part 1 | Amazon Web Services
Given the speed of Amazon Web Services (AWS) innovation, it can sometimes be challenging to keep up with AWS Security service and feature launches. To help you stay current, here’s an overview of some of the most important 2021 AWS Security launches that…
🔷🔴 Google Cloud: configuring workload identity federation with Azure
How to configure workload identity federation with Azure (OIDC-compliant IdP) so workloads running on an Azure VM can impersonate a service account to perform operations on a Google Cloud resource.
https://medium.com/google-cloud/configuring-workload-identity-federation-with-azure-672a1e1f3eec
#azure #gcp
How to configure workload identity federation with Azure (OIDC-compliant IdP) so workloads running on an Azure VM can impersonate a service account to perform operations on a Google Cloud resource.
https://medium.com/google-cloud/configuring-workload-identity-federation-with-azure-672a1e1f3eec
#azure #gcp
Medium
Google Cloud: configuring workload identity federation with Azure
The most straightforward way for workloads running outside of Google Cloud to call Google Cloud APIs is by using a downloaded service…
🔶 Are AWS account IDs sensitive information?
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer definitively.
https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
#aws
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer definitively.
https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
#aws
Last Week in AWS
Are AWS account IDs sensitive information?
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer
🔶🔷🔴 Cloud 9: Top Cloud Penetration Testing Tools
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Bishop Fox
Cloud 9: Top Cloud Penetration Testing Tools
Here are nine of our favorite cloud pen testing tools use by our pen testers in 2022 and additional resources for enhancing your cloud pen testing skills.