🔶 GitHub Actions signing Lambda code

A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.

https://alsmola.medium.com/github-actions-signing-lambda-code-5b7444299b

#aws

🔶 Learning from AWS Customer Security Incidents [2022]

Slides of a post discussing the public catalog of AWS Customer Security Incidents, covering over twenty different public breaches. It walks through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.

https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022

#aws

🔴 Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms

Researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges. You can also read GKE's response.

https://static.sched.com/hosted_files/kccnceu2022/35/Trampoline%20Pods_%20Node%20to%20Admin%20PrivEsc%20Built%20Into%20Popular%20K8s%20Platforms.pptx.pdf

https://security.googleblog.com/2022/05/privileged-pod-escalations-in.html

#gcp

🔶 Zero Maintenance AWS Canary Tokens That Scale

By utilizing temporary credentials (credentials returned as the result of the AssumeRole operation) as honeytokens, we can deploy a honeytoken approach that scales with our environment, utilize existing detection mechanisms (CloudTrail alerting), and remove the need to run a set of infrastructure dedicated to managing IAM Users.

https://medium.com/@williambengtson/zero-maintenance-aws-canary-tokens-that-scale-b470c6f60da

#aws

🔶🔴 Implementing Secure Code in the Cloud

Learn how to implement security in the cloud at the application layer.

https://scalesec.com/blog/implementing-secure-code-in-the-cloud

#aws #gcp

🔶🔷🔴 A Look Into Public Clouds From the Ransomware Actor's Perspective

Article exploring how ransomware threat actors might operate in cloud environments, and what approaches they might use to attack and impact resources in public clouds.

https://unit42.paloaltonetworks.com/ransomware-in-public-clouds

#aws #azure #gcp

🔷 Automating Azure Abuse Research

A step-by-step process for automating Azure abuse research, with examples for Azure Virtual Machines and their Managed Identities.

https://posts.specterops.io/automating-azure-abuse-research-part-1-30b0eca33418

#azure

🔶 A Review of the AWS Security Model

AWS have released their own security maturity model, but does it stack up against what we're seeing in real-world attacks and in the approaches being suggested by the rest of the AWS security community?

https://www.nojones.net/posts/a-review-of-the-aws-security-maturity-model

#aws

🔶🔷🔴 google/cloud-forensics-utils

A Python library to carry out DFIR analysis on the cloud. Currently supports GCP, Azure, and AWS.

https://github.com/google/cloud-forensics-utils

#aws #azure #gcp

🔶🔷🔴 Securing Cloud Services against Squatting Attacks

Post discussing the root causes of cloud squatting from an IT practitioner's perspective, and demonstrates the steps companies can take to harden their infrastructure.

https://pauley.me/post/2022/secure-cloud-decomissioning

#aws #azure #gcp

🔷 Azure/aztfy

A tool to bring existing Azure resources under Terraform’s management.

https://github.com/Azure/aztfy

#azure

🔶 AWS Startup Security Baseline

Guidance by AWS’ Jay Michael on a set of controls that create a minimum foundation for businesses to build securely on AWS without decreasing their agility.

https://docs.aws.amazon.com/prescriptive-guidance/latest/aws-startup-security-baseline/welcome.html

#aws

🔶 When and where to use IAM permissions boundaries

AWS’s Umair Rehmat covers common use cases for permissions boundaries, some best practices to consider, and a few things to avoid.

https://aws.amazon.com/ru/blogs/security/when-and-where-to-use-iam-permissions-boundaries

#aws

🔴 How to Think about Threat Detection in the Cloud

Google’s Anton Chuvakin and Tim Peacock share their views on a foundational framework for thinking about threat detection in public cloud computing.

https://medium.com/anton-on-security/how-to-think-about-threat-detection-in-the-cloud-1baff902afe5

#gcp

🔷 Managed Identity Attack Paths, Part 1: Automation Accounts

A three part blog series exploring attack paths that emerge out of Managed Identity assignments in three Azure services.

https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a

#azure

🔴 Enumeration and lateral movement in GCP environments

A pentest write up describing how it was possible to compromise a hybrid GCP hosted infrastructure using native GCP tools.

https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794

#gcp

🔶 Use CloudTrail to Pivot to AWS Accounts

How to utilize the AWS CloudTrail service to discover other AWS accounts that you could pivot to.

https://bishopfox.com/blog/cloudtrail-pivot-to-aws-accounts

#aws

🔶🔷🔴 cloud-middleware-dataset

This project contains cloud middleware (i.e. agents installed by cloud security providers) used across the major cloud service providers (Azure, AWS and GCP).

https://github.com/wiz-sec/cloud-middleware-dataset

#aws #azure #gcp

🔴 An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane

The biggest risk in cloud development is not recognizing the differences between cloud and traditional definitions of common architecture terms.

https://www.mitiga.io/blog/misconfiguration-hidden-dangers-cloud-control-plane

#gcp

🔶🔷🔴 The cloud gray zone: secret agents installed by cloud service providers

Wiz Research details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors.

https://www.wiz.io/blog/the-cloud-gray-zone-secret-agents-installed-by-cloud-service-providers

#aws #azure #gcp

🔷 SynLapse - Technical Details for Critical Azure Synapse Vulnerability

This blog describes the technical details of SynLapse, a critical Synapse Analytics vulnerability in Microsoft Azure which allowed attackers to bypass tenant separation.

https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability

#azure