🔶 Are AWS account IDs sensitive information?
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not, and the question has been oddly difficult to answer definitively.
https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
#aws
🔶🔷🔴 Cloud 9: Top Cloud Penetration Testing Tools
Here are nine cloud pen testing tools used by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
🔷 Observability from cloud to edge in Azure
Some use cases for Azure Monitor.
https://azure.microsoft.com/en-gb/blog/observability-from-cloud-to-edge-in-azure
#azure
🔶 Let’s Architect! Architecting for Security
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws
🔶 Granted.dev
A CLI tool by Common Fate that simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously. It’s designed for AWS SSO and encrypts cached credentials to avoid plaintext SSO tokens being saved on disk.
https://granted.dev/
#aws
🔴 GCP launches deny policies
IAM deny policies let you set guardrails on access to Google Cloud resources. With deny policies, you can define deny rules that prevent certain principals from using certain permissions, regardless of the roles they're granted.
https://cloud.google.com/iam/docs/deny-overview
#gcp
🔶 awslabs/aws-cloudsaga
Tool to test security controls and alerts within your AWS environment, using generated alerts based on security events seen by the AWS Customer Incident Response Team (CIRT).
https://github.com/awslabs/aws-cloudsaga
#aws
🔷 Stay on top of database threats with Microsoft Defender for Azure Cosmos DB
Microsoft announced a new addition to their database protection offering Microsoft Defender for Azure Cosmos DB in preview.
https://azure.microsoft.com/en-gb/blog/stay-on-top-of-database-threats-with-microsoft-defender-for-azure-cosmos-db
#azure
🔶 AWS Security Reference Architecture
60-page PDF by AWS Professional Services containing a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. GitHub repo with example solutions.
https://github.com/aws-samples/aws-security-reference-architecture-examples
#aws
🔶 A comprehensive Threat Model for Amazon S3.
https://controlcatalog.trustoncloud.com/dashboard/aws/s3
#aws
🔶🔷🔴 CVE-2022-0847 (aka Dirty Pipe): What does it mean for defenders
A quick summary and actionable advice for defenders of cloud environments and those teams who are asked to determine the impact of CVE-2022-0847 on their company's infrastructure.
https://www.marcolancini.it/2022/blog-cve-2022-0847-dirty-pipe
#aws #azure #gcp
🔷 AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability
#azure
🔴 Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration
This post covers how a malicious actor can conduct lateral movement in Google Cloud across compute engine instances using the default service account.
https://orca.security/resources/blog/lateral-movement-google-cloud-default-service-account
#gcp
🔷 Escalating from Logic App Contributor to Root Owner in Azure
Having Contributor access to an Azure Resource Manager (ARM) API Connection would allow you to create arbitrary role assignments as the connected user. This was supposed to be limited to actions at the Resource Group level, but an attacker could escape to the Subscription or Root level with a path traversal payload.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-logic-app-contributor-escalation-to-root-owner
#azure
🔷 Abusing Family Refresh Tokens for Unauthorized Access and Persistence in Azure Active Directory
Undocumented functionality in Azure Active Directory allows a group of Microsoft OAuth client applications to obtain special "family refresh tokens", which can be redeemed for bearer tokens as any other client in the family.
https://github.com/secureworks/family-of-client-ids-research
#azure
🔶 Why Step Functions is the Best AWS Service You Are Not Using
Using Serverless AWS Step Functions To Accelerate FedRAMP Moderate ATO.
https://itnext.io/why-step-functions-is-the-best-aws-service-you-are-not-using-4f3c133d7d0d
#aws
🔷 Abusing Azure Hybrid Workers for Privilege Escalation - Part 1
Azure Hybrid Workers can be configured to use Automation Account "Run as" accounts, which can expose the credentials to anyone with local administrator access to the Hybrid Worker. Since "Run as" accounts are typically subscription contributors, this can lead to privilege escalation from multiple Azure Role-Based Access Control (RBAC) roles.
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-for-privilege-escalation
#azure
🔶 aws | ClickOops
A simple Lambda that monitors your CloudTrail log files to find manual actions taken in your accounts.
https://medium.com/cloudandthings/aws-clickoops-1b8cabc9b8e3
#aws
🔷 A goat in the boat: a look at how Defender for Containers protects your clusters
Article exploring and testing Defender for Containers against a vulnerable environment to see what it can detect or prevent.
https://guillaumeben.xyz/defender-containers.html
#azure
🔶 Fantastic AWS Hacks and Where to Find Them
Getting started in AWS security, and how companies are getting hacked on AWS. You can also check a nice interactive mindmap.
https://docs.google.com/presentation/d/1WIg9Zctp7emuEgnehArUEwvkHSpC6JOi7ojejMX6L_s/edit#slide=id.g118f683adf8_0_43
#aws
🔴 Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions
The 'Google Cloud Platform Storage Explorer' tool crawls all of your Google Cloud projects and detects which have access to all storage data.
https://orca.security/resources/blog/google-cloud-platform-storage-explorer
#gcp