🔶 Bypassing the AWS WAF protection with an 8KB bullet
The AWS WAF and Shield service can be used to protect web applications against a lot of different types of attacks. However, it has a limitation on the size of the packet that it can inspect that could result in attackers being able to bypass its protection features.
https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation
#aws
The AWS WAF and Shield service can be used to protect web applications against a lot of different types of attacks. However, it has a limitation on the size of the packet that it can inspect that could result in attackers being able to bypass its protection features.
https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation
#aws
Kloudle
Find & Fix 350+ security issues in your Cloud with Kloudle.
🔴 GCP - Specifying an expiry time for user-managed keys
It is now (finally!) possible to specify a default expiry for service account keys.
https://cloud.google.com/iam/docs/service-accounts#key-expiry
#gcp
It is now (finally!) possible to specify a default expiry for service account keys.
https://cloud.google.com/iam/docs/service-accounts#key-expiry
#gcp
Google Cloud Documentation
Service accounts overview | Identity and Access Management (IAM) | Google Cloud Documentation
Conceptual and lifecycle information about IAM service accounts.
🔶 Ransomware-resistant backups with duplicity and AWS S3
Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.
https://www.franzoni.eu/ransomware-resistant-backups
#aws
Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.
https://www.franzoni.eu/ransomware-resistant-backups
#aws
Alan's Lair
Ransomware-resistant backups with duplicity and AWS S3
Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.
🔶 AWS IAM: Best practices [Part 1]
Some approaches on how to manage IAM policies at scale, how these approaches/practices will affect access management and how to include these practices in an existing or new setup.
https://www.iampulse.com/articles/aws-iam-best-practices-part-1
#aws
Some approaches on how to manage IAM policies at scale, how these approaches/practices will affect access management and how to include these practices in an existing or new setup.
https://www.iampulse.com/articles/aws-iam-best-practices-part-1
#aws
🔷 Understanding and Protecting local authentication for Azure services - Part 1
The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale.
https://davidokeyode.medium.com/understanding-and-protecting-local-authentication-for-azure-services-part-1-e1b308e7b05f
#azure
The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale.
https://davidokeyode.medium.com/understanding-and-protecting-local-authentication-for-azure-services-part-1-e1b308e7b05f
#azure
Medium
Understanding and Protecting local authentication for Azure services — Part 1
I recently started a series on protecting access in Azure. In a previous post, I covered anonymous access and protecting them. In this…
🔶 A "Safety Net" for AWS Canarytokens
AWS Canarytokens are a low-effort, high-fidelity method to detect attackers who have compromised your infrastructure.
https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html
#aws
AWS Canarytokens are a low-effort, high-fidelity method to detect attackers who have compromised your infrastructure.
https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html
#aws
Thinkst Thoughts
A “Safety Net” for AWS Canarytokens
The AWS API Key Canarytoken (paid and free) is a great way to detect attackers who have compromised your infrastructure. The full details are in a previous blogpost, but in short: You go to and gen…
🔴 Auditing GKE operations? Configure Data Access audit logs
The GKE Admin Activity logs are missing "get" operations on Secret objects by default. So for example, if you store a service account password in your cluster as a Kubernetes secret, a "kubectl get secret service_account_password -o yaml" will get an attacker the entire secret without logging a single line into the audit logs.
https://padlock.argh.in/2022/02/10/gke-audit.html
#gcp
The GKE Admin Activity logs are missing "get" operations on Secret objects by default. So for example, if you store a service account password in your cluster as a Kubernetes secret, a "kubectl get secret service_account_password -o yaml" will get an attacker the entire secret without logging a single line into the audit logs.
https://padlock.argh.in/2022/02/10/gke-audit.html
#gcp
Padlock
Auditing GKE operations? Configure Data Access audit logs
Notes about information security, written by Feroz Salam.
🔶 Elastic and AWS Serverless Application Repository (SAR)
How to use the Elastic serverless forwarder, that is published in the AWS Serverless Application Repository (SAR), to simplify log ingestion from S3.
https://www.elastic.co/blog/elastic-and-aws-serverless-application-repository-speed-time-to-actionable-insights-with-frictionless-log-ingestion-from-amazon-s3
#aws
How to use the Elastic serverless forwarder, that is published in the AWS Serverless Application Repository (SAR), to simplify log ingestion from S3.
https://www.elastic.co/blog/elastic-and-aws-serverless-application-repository-speed-time-to-actionable-insights-with-frictionless-log-ingestion-from-amazon-s3
#aws
🔶 Terraform AWS Provider 4.0 Refactors S3 Bucket Resource
Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource. The list of breaking changes for this release is quite long.
https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource
#aws
Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource. The list of breaking changes for this release is quite long.
https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource
#aws
HashiCorp
Terraform AWS Provider 4.0 Refactors S3 Bucket Resource
Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource.
🔷 10 ways of gaining control over Azure function Apps
Some techniques for taking over Azure Function Apps.
https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6
#azure
Some techniques for taking over Azure Function Apps.
https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6
#azure
Medium
10 ways of gaining control over Azure function Apps
Written by Bill Ben Haim & Zur Ulianitzky — December 20,2021
🔶 imdsv2_wall_of_shame
List of vendors that do not allow IMDSv2 enforcement.
https://github.com/SummitRoute/imdsv2_wall_of_shame
#aws
List of vendors that do not allow IMDSv2 enforcement.
https://github.com/SummitRoute/imdsv2_wall_of_shame
#aws
GitHub
GitHub - SummitRoute/imdsv2_wall_of_shame: List of vendors that do not allow IMDSv2 enforcement
List of vendors that do not allow IMDSv2 enforcement - SummitRoute/imdsv2_wall_of_shame
🔷 Secure Azure Cosmos DB access by using Azure Managed Identities
How to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.
https://itnext.io/secure-azure-cosmos-db-access-by-using-azure-managed-identities-55f9fdf48fda?gi=eec46e048be1
#azure
How to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.
https://itnext.io/secure-azure-cosmos-db-access-by-using-azure-managed-identities-55f9fdf48fda?gi=eec46e048be1
#azure
Medium
Secure Azure Cosmos DB access by using Azure Managed Identities
Learn how to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.
🔶 AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
Free labs, documentation, and diagrams for setting up an environment that is using DevOps technologies and practices for deploying apps and cloud services/cloud infrastructure to AWS, by Mike Levan.
https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
#aws
Free labs, documentation, and diagrams for setting up an environment that is using DevOps technologies and practices for deploying apps and cloud services/cloud infrastructure to AWS, by Mike Levan.
https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
#aws
GitHub
GitHub - AdminTurnedDevOps/DevOps-The-Hard-Way-AWS: This repository contains free labs for setting up an entire workflow and DevOps…
This repository contains free labs for setting up an entire workflow and DevOps environment from a real-world perspective in AWS - AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
🔶 Top 2021 AWS Security service launches security professionals should review - Part 1
An overview of some of the most important 2021 AWS Security launches that security professionals should be aware of.
https://aws.amazon.com/ru/blogs/security/top-2021-aws-security-service-launches-part-1
#aws
An overview of some of the most important 2021 AWS Security launches that security professionals should be aware of.
https://aws.amazon.com/ru/blogs/security/top-2021-aws-security-service-launches-part-1
#aws
Amazon
Top 2021 AWS Security service launches security professionals should review – Part 1 | Amazon Web Services
Given the speed of Amazon Web Services (AWS) innovation, it can sometimes be challenging to keep up with AWS Security service and feature launches. To help you stay current, here’s an overview of some of the most important 2021 AWS Security launches that…
🔷🔴 Google Cloud: configuring workload identity federation with Azure
How to configure workload identity federation with Azure (OIDC-compliant IdP) so workloads running on an Azure VM can impersonate a service account to perform operations on a Google Cloud resource.
https://medium.com/google-cloud/configuring-workload-identity-federation-with-azure-672a1e1f3eec
#azure #gcp
How to configure workload identity federation with Azure (OIDC-compliant IdP) so workloads running on an Azure VM can impersonate a service account to perform operations on a Google Cloud resource.
https://medium.com/google-cloud/configuring-workload-identity-federation-with-azure-672a1e1f3eec
#azure #gcp
Medium
Google Cloud: configuring workload identity federation with Azure
The most straightforward way for workloads running outside of Google Cloud to call Google Cloud APIs is by using a downloaded service…
🔶 Are AWS account IDs sensitive information?
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer definitively.
https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
#aws
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer definitively.
https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
#aws
Last Week in AWS
Are AWS account IDs sensitive information?
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer
🔶🔷🔴 Cloud 9: Top Cloud Penetration Testing Tools
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Bishop Fox
Cloud 9: Top Cloud Penetration Testing Tools
Here are nine of our favorite cloud pen testing tools use by our pen testers in 2022 and additional resources for enhancing your cloud pen testing skills.
🔷 Observability from cloud to edge in Azure
Some use cases for Azure Monitor.
https://azure.microsoft.com/en-gb/blog/observability-from-cloud-to-edge-in-azure
#azure
Some use cases for Azure Monitor.
https://azure.microsoft.com/en-gb/blog/observability-from-cloud-to-edge-in-azure
#azure
Microsoft
Observability from cloud to edge in Azure | Azure Blog and Updates ...
Our customers are transforming their digital environments, whether migrating workloads to Azure, building new cloud-native apps, or unlocking new scenarios at the edge. As they combine these strate...
🔶 Let’s Architect! Architecting for Security
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws
🔶 Granted.dev
A CLI tool by Common Fate that simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously. It’s designed for AWS SSO and encrypts cached credentials to avoid plaintext SSO tokens being saved on disk.
https://granted.dev/
#aws
A CLI tool by Common Fate that simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously. It’s designed for AWS SSO and encrypts cached credentials to avoid plaintext SSO tokens being saved on disk.
https://granted.dev/
#aws
granted.dev
Granted - the easiest way to access your cloud.
🔴 GCP launches deny policies
IAM deny policies let you set guardrails on access to Google Cloud resources. With deny policies, you can define deny rules that prevent certain principals from using certain permissions, regardless of the roles they're granted.
https://cloud.google.com/iam/docs/deny-overview
#gcp
IAM deny policies let you set guardrails on access to Google Cloud resources. With deny policies, you can define deny rules that prevent certain principals from using certain permissions, regardless of the roles they're granted.
https://cloud.google.com/iam/docs/deny-overview
#gcp
Google Cloud
Deny policies | Identity and Access Management (IAM) | Google Cloud