🔶 How to control access to AWS resources based on AWS account, OU, or organization

New IAM condition keys to make it simpler to control access across org boundaries: aws:ResourceOrgID, aws:ResourceOrgPaths, and aws:ResourceAccount.

https://aws.amazon.com/blogs/security/how-to-control-access-to-aws-resources-based-on-aws-account-ou-or-organization

#aws

🔷 Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account

Another Azure vulnerability, this time allowing an unprivileged user to modify graph search filters so that user could access logs which would normally require admin roles.

https://securecloud.blog/2022/04/21/microsoft-cloud-security-research-public-disclosure-gaining-unlimited-access-to-graph-auditlogs-endpoint-using-complex-filters-with-non-privileged-user-account

#azure

🔶 Old Services, New Tricks: Cloud Metadata Abuse by UNC2903

Mandiant identified exploitation of public-facing web applications by threat actors (UNC2903) to harvest credentials using Amazon's Instance Metadata Service (IMDS).

https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903

#aws

🔶 Bottlerocket Security Guidance

Recommendations, details, and examples to help you create a configuration that meets your security and compliance requirements.

https://github.com/bottlerocket-os/bottlerocket/blob/develop/SECURITY_GUIDANCE.md

#aws

🔷 Intelligent application protection from edge to cloud with Azure Web Application Firewall

Microsoft has been evolving Azure Web Application Firewall (Azure WAF), a cloud-native, self-managed security service to protect your applications and APIs running in Azure or anywhere else, from the network edge to the cloud.

https://azure.microsoft.com/en-gb/blog/intelligent-application-protection-from-edge-to-cloud-with-azure-web-application-firewall

#azure

🔶 Tools That Use AWS Logs to Help with Least Privilege

Great overview by Sym’s Adam Buggia on resources and tools for creating least privilege IAM policies. He discusses deriving AWS policies from CloudTrail Data vs designing policies using Client Side Monitoring (and their respective trade-offs), and how to generate policies for a Terraform Project using Localstack.

https://blog.symops.com/2022/05/06/least-privilege-policies-from-aws-logs

#aws

🔴 How many of your GCP buckets are publicly accessible? It might be more than you think...

A thorough examination of Google Cloud Platform's (GCP) storage service, how to access buckets, and how to make sure your buckets are configured as intended.

https://blog.lightspin.io/gcp-buckets-publicly-accessible

#gcp

🔷 Azure Synapse Security Advisory - Orca Security

Orca Security issued a security advisory to address hazards in the use of the Microsoft Azure Synapse service. It is believef the tenant separation in this service is insufficiently robust to protect secrets against other tenants.

https://orca.security/resources/blog/azure-synapse-analytics-security-advisory

#azure

🔶 Security reference architecture for a serverless application

A walkthrough of security controls for a serverless architecture via a demo application.

https://anunay-bhatt.medium.com/security-reference-architecture-for-a-serverless-application-2fcd25b1d5e2

#aws

🔶 Securing AWS Lambda function URLs

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.

https://www.wiz.io/blog/securing-aws-lambda-function-urls

#aws

🔶 GitHub Actions signing Lambda code

A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.

https://alsmola.medium.com/github-actions-signing-lambda-code-5b7444299b

#aws

🔶 Learning from AWS Customer Security Incidents [2022]

Slides of a post discussing the public catalog of AWS Customer Security Incidents, covering over twenty different public breaches. It walks through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.

https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022

#aws

🔴 Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms

Researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges. You can also read GKE's response.

https://static.sched.com/hosted_files/kccnceu2022/35/Trampoline%20Pods_%20Node%20to%20Admin%20PrivEsc%20Built%20Into%20Popular%20K8s%20Platforms.pptx.pdf

https://security.googleblog.com/2022/05/privileged-pod-escalations-in.html

#gcp

🔶 Zero Maintenance AWS Canary Tokens That Scale

By utilizing temporary credentials (credentials returned as the result of the AssumeRole operation) as honeytokens, we can deploy a honeytoken approach that scales with our environment, utilize existing detection mechanisms (CloudTrail alerting), and remove the need to run a set of infrastructure dedicated to managing IAM Users.

https://medium.com/@williambengtson/zero-maintenance-aws-canary-tokens-that-scale-b470c6f60da

#aws

🔶🔴 Implementing Secure Code in the Cloud

Learn how to implement security in the cloud at the application layer.

https://scalesec.com/blog/implementing-secure-code-in-the-cloud

#aws #gcp

🔶🔷🔴 A Look Into Public Clouds From the Ransomware Actor's Perspective

Article exploring how ransomware threat actors might operate in cloud environments, and what approaches they might use to attack and impact resources in public clouds.

https://unit42.paloaltonetworks.com/ransomware-in-public-clouds

#aws #azure #gcp

🔷 Automating Azure Abuse Research

A step-by-step process for automating Azure abuse research, with examples for Azure Virtual Machines and their Managed Identities.

https://posts.specterops.io/automating-azure-abuse-research-part-1-30b0eca33418

#azure

🔶 A Review of the AWS Security Model

AWS have released their own security maturity model, but does it stack up against what we're seeing in real-world attacks and in the approaches being suggested by the rest of the AWS security community?

https://www.nojones.net/posts/a-review-of-the-aws-security-maturity-model

#aws

🔶🔷🔴 google/cloud-forensics-utils

A Python library to carry out DFIR analysis on the cloud. Currently supports GCP, Azure, and AWS.

https://github.com/google/cloud-forensics-utils

#aws #azure #gcp

🔶🔷🔴 Securing Cloud Services against Squatting Attacks

Post discussing the root causes of cloud squatting from an IT practitioner's perspective, and demonstrates the steps companies can take to harden their infrastructure.

https://pauley.me/post/2022/secure-cloud-decomissioning

#aws #azure #gcp

🔷 Azure/aztfy

A tool to bring existing Azure resources under Terraform’s management.

https://github.com/Azure/aztfy

#azure