🔴 How many of your GCP buckets are publicly accessible? It might be more than you think...
A thorough examination of Google Cloud Platform's (GCP) storage service, how to access buckets, and how to make sure your buckets are configured as intended.
https://blog.lightspin.io/gcp-buckets-publicly-accessible
#gcp
A thorough examination of Google Cloud Platform's (GCP) storage service, how to access buckets, and how to make sure your buckets are configured as intended.
https://blog.lightspin.io/gcp-buckets-publicly-accessible
#gcp
blog.lightspin.io
How many of your GCP buckets are publicly accessible? It might be more than you think...
Take a look at Lightspin's examination of GCP's storage service, how to access buckets, and how to make sure your buckets are configured as intended.
👍2
🔷 Azure Synapse Security Advisory - Orca Security
Orca Security issued a security advisory to address hazards in the use of the Microsoft Azure Synapse service. It is believef the tenant separation in this service is insufficiently robust to protect secrets against other tenants.
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory
#azure
Orca Security issued a security advisory to address hazards in the use of the Microsoft Azure Synapse service. It is believef the tenant separation in this service is insufficiently robust to protect secrets against other tenants.
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory
#azure
Orca Security
Azure Synapse Security Advisory | Orca Research Pod
Learn about how the Orca Research Pod discovered an Azure Synapse Security Advisory, now called Synlapse, in the use of the Microsoft Azure Synapse service.
🔥2
🔶 Security reference architecture for a serverless application
A walkthrough of security controls for a serverless architecture via a demo application.
https://anunay-bhatt.medium.com/security-reference-architecture-for-a-serverless-application-2fcd25b1d5e2
#aws
A walkthrough of security controls for a serverless architecture via a demo application.
https://anunay-bhatt.medium.com/security-reference-architecture-for-a-serverless-application-2fcd25b1d5e2
#aws
Medium
Security reference architecture for a serverless application
A walkthrough of security controls in a serverless architecture via a demo application
👍1🔥1
🔶 Securing AWS Lambda function URLs
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
https://www.wiz.io/blog/securing-aws-lambda-function-urls
#aws
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
https://www.wiz.io/blog/securing-aws-lambda-function-urls
#aws
wiz.io
Securing AWS Lambda function URLs | Wiz Blog
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
🔥2
🔶 GitHub Actions signing Lambda code
A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.
https://alsmola.medium.com/github-actions-signing-lambda-code-5b7444299b
#aws
A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.
https://alsmola.medium.com/github-actions-signing-lambda-code-5b7444299b
#aws
Medium
GitHub Actions signing Lambda code
Code signatures help prevent unauthorized code execution. They bridge trust between build and execution environments. This post shows you…
🔥2
🔶 Learning from AWS Customer Security Incidents [2022]
Slides of a post discussing the public catalog of AWS Customer Security Incidents, covering over twenty different public breaches. It walks through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.
https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022
#aws
Slides of a post discussing the public catalog of AWS Customer Security Incidents, covering over twenty different public breaches. It walks through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.
https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022
#aws
GitHub
GitHub - ramimac/aws-customer-security-incidents: A repository of breaches of AWS customers
A repository of breaches of AWS customers. Contribute to ramimac/aws-customer-security-incidents development by creating an account on GitHub.
👍2
🔴 Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms
Researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges. You can also read GKE's response.
https://static.sched.com/hosted_files/kccnceu2022/35/Trampoline%20Pods_%20Node%20to%20Admin%20PrivEsc%20Built%20Into%20Popular%20K8s%20Platforms.pptx.pdf
https://security.googleblog.com/2022/05/privileged-pod-escalations-in.html
#gcp
Researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges. You can also read GKE's response.
https://static.sched.com/hosted_files/kccnceu2022/35/Trampoline%20Pods_%20Node%20to%20Admin%20PrivEsc%20Built%20Into%20Popular%20K8s%20Platforms.pptx.pdf
https://security.googleblog.com/2022/05/privileged-pod-escalations-in.html
#gcp
🔥2
🔶 Zero Maintenance AWS Canary Tokens That Scale
By utilizing temporary credentials (credentials returned as the result of the AssumeRole operation) as honeytokens, we can deploy a honeytoken approach that scales with our environment, utilize existing detection mechanisms (CloudTrail alerting), and remove the need to run a set of infrastructure dedicated to managing IAM Users.
https://medium.com/@williambengtson/zero-maintenance-aws-canary-tokens-that-scale-b470c6f60da
#aws
By utilizing temporary credentials (credentials returned as the result of the AssumeRole operation) as honeytokens, we can deploy a honeytoken approach that scales with our environment, utilize existing detection mechanisms (CloudTrail alerting), and remove the need to run a set of infrastructure dedicated to managing IAM Users.
https://medium.com/@williambengtson/zero-maintenance-aws-canary-tokens-that-scale-b470c6f60da
#aws
Medium
Zero Maintenance AWS Canary Tokens That Scale
by William Bengtson | @__muscles
👍1
🔶🔴 Implementing Secure Code in the Cloud
Learn how to implement security in the cloud at the application layer.
https://scalesec.com/blog/implementing-secure-code-in-the-cloud
#aws #gcp
Learn how to implement security in the cloud at the application layer.
https://scalesec.com/blog/implementing-secure-code-in-the-cloud
#aws #gcp
Scalesec
Implementing Secure Code in the Cloud | ScaleSec
Learn how to implement security in the cloud at the application layer.
👍3🔥2
🔶🔷🔴 A Look Into Public Clouds From the Ransomware Actor's Perspective
Article exploring how ransomware threat actors might operate in cloud environments, and what approaches they might use to attack and impact resources in public clouds.
https://unit42.paloaltonetworks.com/ransomware-in-public-clouds
#aws #azure #gcp
Article exploring how ransomware threat actors might operate in cloud environments, and what approaches they might use to attack and impact resources in public clouds.
https://unit42.paloaltonetworks.com/ransomware-in-public-clouds
#aws #azure #gcp
Unit 42
A Look Into Public Clouds From the Ransomware Actor's Perspective
Ransomware in public clouds is rare, but cloud threat actors could adapt their TTPs to be more cloud native. Now is the time to get ahead of it.
🔥1
🔷 Automating Azure Abuse Research
A step-by-step process for automating Azure abuse research, with examples for Azure Virtual Machines and their Managed Identities.
https://posts.specterops.io/automating-azure-abuse-research-part-1-30b0eca33418
#azure
A step-by-step process for automating Azure abuse research, with examples for Azure Virtual Machines and their Managed Identities.
https://posts.specterops.io/automating-azure-abuse-research-part-1-30b0eca33418
#azure
Medium
Automating Azure Abuse Research — Part 1
Intro
😱1
🔶 A Review of the AWS Security Model
AWS have released their own security maturity model, but does it stack up against what we're seeing in real-world attacks and in the approaches being suggested by the rest of the AWS security community?
https://www.nojones.net/posts/a-review-of-the-aws-security-maturity-model
#aws
AWS have released their own security maturity model, but does it stack up against what we're seeing in real-world attacks and in the approaches being suggested by the rest of the AWS security community?
https://www.nojones.net/posts/a-review-of-the-aws-security-maturity-model
#aws
www.nojones.net
A Review of the AWS Security Model - Nick Jones
<p>AWS have released their own security maturity model, which contains a lot of detail on their take as to how to secure your AWS estate. Does it stack up against what we’re seeing in real-world attacks, or the approaches being suggested by the rest of the…
👍3
🔶🔷🔴 google/cloud-forensics-utils
A Python library to carry out DFIR analysis on the cloud. Currently supports GCP, Azure, and AWS.
https://github.com/google/cloud-forensics-utils
#aws #azure #gcp
A Python library to carry out DFIR analysis on the cloud. Currently supports GCP, Azure, and AWS.
https://github.com/google/cloud-forensics-utils
#aws #azure #gcp
GitHub
GitHub - google/cloud-forensics-utils: Python library to carry out DFIR analysis on the Cloud
Python library to carry out DFIR analysis on the Cloud - google/cloud-forensics-utils
👍2
🔶🔷🔴 Securing Cloud Services against Squatting Attacks
Post discussing the root causes of cloud squatting from an IT practitioner's perspective, and demonstrates the steps companies can take to harden their infrastructure.
https://pauley.me/post/2022/secure-cloud-decomissioning
#aws #azure #gcp
Post discussing the root causes of cloud squatting from an IT practitioner's perspective, and demonstrates the steps companies can take to harden their infrastructure.
https://pauley.me/post/2022/secure-cloud-decomissioning
#aws #azure #gcp
Eric Pauley
Securing Cloud Services against Squatting Attacks | Eric Pauley
IT organizations must take steps to protect their users against cloud Squatting. This post discusses the root causes of cloud squatting from an IT practitioner's perspective, and demonstrates the steps companies can take to harden their infrastructure.
👍1
🔷 Azure/aztfy
A tool to bring existing Azure resources under Terraform’s management.
https://github.com/Azure/aztfy
#azure
A tool to bring existing Azure resources under Terraform’s management.
https://github.com/Azure/aztfy
#azure
GitHub
GitHub - Azure/aztfy: A tool to bring existing Azure resources under Terraform's management
A tool to bring existing Azure resources under Terraform's management - GitHub - Azure/aztfy: A tool to bring existing Azure resources under Terraform's management
🔥2
🔶 AWS Startup Security Baseline
Guidance by AWS’ Jay Michael on a set of controls that create a minimum foundation for businesses to build securely on AWS without decreasing their agility.
https://docs.aws.amazon.com/prescriptive-guidance/latest/aws-startup-security-baseline/welcome.html
#aws
Guidance by AWS’ Jay Michael on a set of controls that create a minimum foundation for businesses to build securely on AWS without decreasing their agility.
https://docs.aws.amazon.com/prescriptive-guidance/latest/aws-startup-security-baseline/welcome.html
#aws
Amazon
AWS Startup Security Baseline - AWS Prescriptive Guidance
This guide provides a comprehensive set of controls for startups that want to establish a strong security foundation in the AWS Cloud.
👍5
🔶 When and where to use IAM permissions boundaries
AWS’s Umair Rehmat covers common use cases for permissions boundaries, some best practices to consider, and a few things to avoid.
https://aws.amazon.com/ru/blogs/security/when-and-where-to-use-iam-permissions-boundaries
#aws
AWS’s Umair Rehmat covers common use cases for permissions boundaries, some best practices to consider, and a few things to avoid.
https://aws.amazon.com/ru/blogs/security/when-and-where-to-use-iam-permissions-boundaries
#aws
🔥2
🔴 How to Think about Threat Detection in the Cloud
Google’s Anton Chuvakin and Tim Peacock share their views on a foundational framework for thinking about threat detection in public cloud computing.
https://medium.com/anton-on-security/how-to-think-about-threat-detection-in-the-cloud-1baff902afe5
#gcp
Google’s Anton Chuvakin and Tim Peacock share their views on a foundational framework for thinking about threat detection in public cloud computing.
https://medium.com/anton-on-security/how-to-think-about-threat-detection-in-the-cloud-1baff902afe5
#gcp
😱2👍1
🔷 Managed Identity Attack Paths, Part 1: Automation Accounts
A three part blog series exploring attack paths that emerge out of Managed Identity assignments in three Azure services.
https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a
#azure
A three part blog series exploring attack paths that emerge out of Managed Identity assignments in three Azure services.
https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a
#azure
Medium
Managed Identity Attack Paths, Part 1: Automation Accounts
In this three part blog series we will explore attack paths that emerge out of Managed Identity assignments in three Azure services.
👍1🔥1
🔴 Enumeration and lateral movement in GCP environments
A pentest write up describing how it was possible to compromise a hybrid GCP hosted infrastructure using native GCP tools.
https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794
#gcp
A pentest write up describing how it was possible to compromise a hybrid GCP hosted infrastructure using native GCP tools.
https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794
#gcp
Medium
Enumeration and lateral movement in GCP environments
This write up is about a pentest we did in which we managed to compromise a hybrid GCP hosted infrastructure using native GCP tools for…
😱2
🔶 Use CloudTrail to Pivot to AWS Accounts
How to utilize the AWS CloudTrail service to discover other AWS accounts that you could pivot to.
https://bishopfox.com/blog/cloudtrail-pivot-to-aws-accounts
#aws
How to utilize the AWS CloudTrail service to discover other AWS accounts that you could pivot to.
https://bishopfox.com/blog/cloudtrail-pivot-to-aws-accounts
#aws
Bishop Fox
Use CloudTrail to Pivot to AWS Accounts During Cloud Penetration Test
Look at a realistic cloud penetration test situation and see how to utilize the AWS CloudTrail service to discover AWS accounts that you could pivot to.
🔥2