🔶 zoph-io/aws-security-survival-kit
Victor Grenu helps you set up minimal alerting on typical suspicious activities on your AWS Account. Using this kit, you will deploy CloudWatch EventRules and CW alarms on:
1️⃣ Root User activities
2️⃣ CloudTrail changes
3️⃣ AWS Personal Health Events
4️⃣ IAM Users changes
5️⃣ MFA updates
6️⃣ Unauthorized Operations
7️⃣ Failed AWS Console login authentication
https://github.com/zoph-io/aws-security-survival-kit
#aws
🔶 Using Kyverno To Enforce AWS Load Balancer Annotations For Centralized Logging To S3
Post covering the steps to take in order to use Kyverno to automatically configure the annotations that enable access logs for an AWS Network Load Balancer (NLB) to be forwarded to an S3 bucket.
https://silvr.medium.com/using-kyverno-to-enforce-aws-load-balancer-annotations-for-centralized-logging-to-s3-af5dc1f1f3e0
#aws
🔶 Run a Tailscale VPN relay on ECS/Fargate
A step by step tutorial on how to run Tailscale in ECS.
https://platformers.dev/log/2022/tailscale-ecs
#aws
🔶 The Many Ways to Manage Access to an EC2 Instance
By Sym’s Mathew Pregasen. Options: EC2 key pairs, SSH access via 3rd-party tools, SSH access via IAM policies, eliminate direct access via GitOps (SSM’s Run Command), and temporary or JIT access.
https://blog.symops.com/2022/09/22/ec2-access
#aws
🔶 AWS services, explained in Victorian English
By GPT-3 and @thesephist. How all companies should describe their products.
1️⃣ S3 is a glorious bastion of uptime in the otherwise storm-tossed sea of the World Wide Web, a shining beacon of safety to which one may entrust one’s most valuable data, whether files, or precious objects, or even blobs of the most unique and ephemeral content.
2️⃣ Route 53, the fleet-footed messenger of the gods, delivers your DNS traffic across the Internet with the speed of a Thracian chariot, and at a fraction of the cost.
https://victorianaws.com
#aws
🔶🔷🔴 Cloud Architecture Diagrams as Code
Create diagrams for AWS, GCP, Azure, a data ETL pipeline and more.
https://docs.tryeraser.com/docs/examples
#aws #azure #gcp
🔶 State of AWS Security in 2022: A Look Into Real-World AWS Environments
Datadog analyzed trends in the implementation of security best practices and took a closer look at various types of misconfigurations that contribute to the most common causes of security breaches.
https://www.datadoghq.com/state-of-aws-security
#aws
🔶 Unofficial list of free resources to learn AWS for absolute beginners
An unofficial list of free resources to learn AWS for absolute beginners. This will be a living document.
https://docs.google.com/document/d/1fDTumqm5oc_nLAQBUnW8c6hAGmGx95a8-BZ92GqlbUs/edit
#aws
🔶 Diving Deeply into IAM Policy Evaluation
A post going through confounding conditions, double and triple negatives, and principals matched and unmatched to explain a more accurate model of how IAM evaluates permissions internally.
https://ermetic.com/blog/aws/diving-deeply-into-iam-policy-evaluation-highlights-from-aws-reinforce-session-iam433
#aws
🔶 AWS Permission Boundaries for Dummies
Tl;dr: if you want someone to admin some IAM in an account but not all the IAM, then you might need one.
https://www.firemon.com/aws-permission-boundaries-for-dummies
#aws
🔶 pop3ret/AWSome-Pentesting
A guide to help pentesters learn more about AWS misconfigurations and the ways they can be abused. Cheatsheet of useful commands for a variety of AWS services, covering enumeration, data exfiltration, privilege escalation, and more.
https://github.com/pop3ret/AWSome-Pentesting/blob/main/AWSome-Pentesting-Cheatsheet.md
#aws
🔷 Public Network Access to Azure Resources Is Too Easy to Configure
For some types of Azure resources and subnets, it's extremely easy to configure what is essentially public network access. This post describes some examples and how to reduce such risks.
https://ermetic.com/blog/azure/public-network-access-to-azure-resources-is-too-easy-to-configure
#azure
🔴 Security Logging in Cloud Environments - GCP
Another update to my "Security Logging in Cloud Environments - GCP" post, this time adding the new Sensitive Actions Service to the SCC section.
https://blog.marcolancini.it/2021/blog-security-logging-cloud-environments-gcp
#gcp
The Yandex Cloud and Yandex Infrastructure recruiting team here.
For two weeks we are switching on turbo mode and are ready to hire backend developers and SREs within 2-3 days.
We have collected all the information in a Telegram channel: https://t.me/cloud_track
Solve the Yandex Contest tasks before 23 October 2022 and join us!
Let's build and grow a powerful cloud together.
#advertising
🔶 Lateral movement risks in the cloud and how to prevent them - Part 1: the network layer (VPC)
Post introducing lateral movement as it pertains to VPCs. It discusses attacker TTPs, and outlines best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.
https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-1-the-network-layer
#aws
🔶 You should have lots of AWS accounts
Lots of AWS accounts working together in harmony will net you a more secure, more reliable, and more compliant cloud infrastructure.
https://src-bin.com/you-should-have-lots-of-aws-accounts
#aws
🔶 tuladhar/cleanup-aws-access-keys
A cloud security tool to search and clean up unused AWS access keys, written in Go, by Puru Tuladhar.
https://github.com/tuladhar/cleanup-aws-access-keys
#aws
🔷 FabriXss: How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer that allows attackers to gain full Administrator permissions.
https://orca.security/resources/blog/fabrixss-vulnerability-azure-fabric-explorer
#azure
🔶 The Danger of Falling to System Role in AWS SDK Client
Writeup of a vulnerability identified in a web application that was using the AWS SDK for Go (v1) to implement an "Import Data From S3" functionality.
https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html
#aws
🔷 Untangling Azure Active Directory Principals & Access Permissions
Post untangling the question of 'who has access to what' in an Azure Active Directory environment. A PowerShell tool was also released to automatically enumerate this.
https://csandker.io/2022/10/19/Untangling-Azure-Permissions.html
#azure
To work securely on a shared project, it is important to be able to manage permissions and access rights. Our webinar "Subtleties of managing users and access in a cloud environment" is devoted to this topic. Using Yandex Identity and Access Management, an identity and access control service, as an example, we will explain how to set up processes so that all operations on resources are performed only by users with the necessary rights.
During the session we will go through various usage scenarios and important technical features of the IAM service, and touch on the following topics:
• recommendations for structuring the resource model;
• capabilities of the role model;
• privileged users and the security of their accounts;
• working with user groups;
• security events related to managing users and groups.
The webinar will be useful for architects, developers and security specialists at middle+ level.
Register for the webinar ➡️