На связи команда рекрутинга Yandex Cloud и Инфраструктуры Яндекса.
Мы на две недели включаем турбо-режим и готовы нанимать backend-разработчиков и SRE за 2-3 дня.
Собрали всю информацию в telegram-канал: https://t.me/cloud_track
Решайте задания Яндекс Контеста до 23 октября 2022 и присоединяйтесь к нам!
Будем вместе строить и развивать мощное облако.
#advertising
Мы на две недели включаем турбо-режим и готовы нанимать backend-разработчиков и SRE за 2-3 дня.
Собрали всю информацию в telegram-канал: https://t.me/cloud_track
Решайте задания Яндекс Контеста до 23 октября 2022 и присоединяйтесь к нам!
Будем вместе строить и развивать мощное облако.
#advertising
👍3👎3
🔶 Lateral movement risks in the cloud and how to prevent them - Part 1: the network layer (VPC)
Post introducing lateral movement as it pertains to VPCs. It discusses attacker TTPs, and outlines best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.
https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-1-the-network-layer
#aws
Post introducing lateral movement as it pertains to VPCs. It discusses attacker TTPs, and outlines best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.
https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-1-the-network-layer
#aws
🔥3
🔶 You should have lots of AWS accounts
Lots of AWS accounts working together in harmony will net you a more secure, more reliable, and more compliant cloud infrastructure.
https://src-bin.com/you-should-have-lots-of-aws-accounts
#aws
Lots of AWS accounts working together in harmony will net you a more secure, more reliable, and more compliant cloud infrastructure.
https://src-bin.com/you-should-have-lots-of-aws-accounts
#aws
Src-Bin
You should have lots of aws accounts
An article about AWS and Substrate
👍1
🔶 tuladhar/cleanup-aws-access-keys
A cloud security tool to search and clean up unused AWS access keys, written in Go, by Puru Tuladhar.
https://github.com/tuladhar/cleanup-aws-access-keys
#aws
A cloud security tool to search and clean up unused AWS access keys, written in Go, by Puru Tuladhar.
https://github.com/tuladhar/cleanup-aws-access-keys
#aws
👍1🔥1
🔷 FabriXss: How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
The Orca Research Pod has discovered FabriXss a vulnerability in Azure Service Fabric Explorer that allows attackers to gain full Administrator permissions.
https://orca.security/resources/blog/fabrixss-vulnerability-azure-fabric-explorer
#azure
The Orca Research Pod has discovered FabriXss a vulnerability in Azure Service Fabric Explorer that allows attackers to gain full Administrator permissions.
https://orca.security/resources/blog/fabrixss-vulnerability-azure-fabric-explorer
#azure
🔥1
🔶 The Danger of Falling to System Role in AWS SDK Client
Writeup of a vulnerability identified in a web application that was using the AWS SDK for Go (v1) to implement an "Import Data From S3" functionality.
https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html
#aws
Writeup of a vulnerability identified in a web application that was using the AWS SDK for Go (v1) to implement an "Import Data From S3" functionality.
https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html
#aws
🔥1
🔷 Untangling Azure Active Directory Principals & Access Permissions
Post untangling the question of 'who has access to what' in an Azure Active Directory environment. A PowerShell tool was also released to automatically enumerate this.
https://csandker.io/2022/10/19/Untangling-Azure-Permissions.html
#azure
Post untangling the question of 'who has access to what' in an Azure Active Directory environment. A PowerShell tool was also released to automatically enumerate this.
https://csandker.io/2022/10/19/Untangling-Azure-Permissions.html
#azure
🔥3
Для безопасной работы над совместным проектом важно уметь управлять полномочиями и правами доступа. Этой теме посвящён наш вебинар «Тонкости управления пользователями и доступом в облачном окружении». На примере Yandex Identity and Access Management — сервиса идентификации и контроля доступа — мы расскажем, как выстроить процессы так, чтобы все операции над ресурсами выполнялись только пользователями с необходимыми правами.
На встрече мы разберём различные сценарии работы, важные технические особенности сервиса IAM и затронем следующие темы:
• рекомендации по выстраиванию ресурсной модели;
• возможности ролевой модели;
• привилегированные пользователи и безопасность их учётных записей;
• работа с группами пользователей;
• события безопасности, связанные с управлением пользователями и группами.
Вебинар будет полезен архитекторам, разработчикам, специалистам по безопасности уровня middle+.
Зарегистрироваться на вебинар ➡️
На встрече мы разберём различные сценарии работы, важные технические особенности сервиса IAM и затронем следующие темы:
• рекомендации по выстраиванию ресурсной модели;
• возможности ролевой модели;
• привилегированные пользователи и безопасность их учётных записей;
• работа с группами пользователей;
• события безопасности, связанные с управлением пользователями и группами.
Вебинар будет полезен архитекторам, разработчикам, специалистам по безопасности уровня middle+.
Зарегистрироваться на вебинар ➡️
🔥2
🔶 How to list all resources in your AWS account
You may have been there before: you got access to an AWS account and just want to list which resources are configured in it. The seemingly simple task of listing all resources quickly turns out to be complicated.
https://awstip.com/how-to-list-all-resources-in-your-aws-account-c3f18061f71b
#aws
You may have been there before: you got access to an AWS account and just want to list which resources are configured in it. The seemingly simple task of listing all resources quickly turns out to be complicated.
https://awstip.com/how-to-list-all-resources-in-your-aws-account-c3f18061f71b
#aws
🔥1
🔶🔷 Enrich AWS account data in Microsoft Sentinel
As organisations are integrating Amazon Web Services data sources with Microsoft Sentinel, many are facing a common problem: how to identify AWS resources and handle contextual data such as AWS account information for alerts and incidents?
https://secopslab.fi/2022-10-microsoftsentinel-awswatchlist
#aws #azure
As organisations are integrating Amazon Web Services data sources with Microsoft Sentinel, many are facing a common problem: how to identify AWS resources and handle contextual data such as AWS account information for alerts and incidents?
https://secopslab.fi/2022-10-microsoftsentinel-awswatchlist
#aws #azure
🔥1
🔶 AWS Security Groups Guide
Knowing how security groups & NACLs work together is extremely important for controlling network traffic to your instances & subnets.
https://sysdig.com/blog/aws-security-groups-guide
(Use VPN if you can’t open it)
#aws
Knowing how security groups & NACLs work together is extremely important for controlling network traffic to your instances & subnets.
https://sysdig.com/blog/aws-security-groups-guide
(Use VPN if you can’t open it)
#aws
🔥1
🔶 flosell/trailscraper
By Thoughtworks’s Florian Sellmayr: A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies.
https://github.com/flosell/trailscraper
#aws
By Thoughtworks’s Florian Sellmayr: A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies.
https://github.com/flosell/trailscraper
#aws
GitHub
GitHub - flosell/trailscraper: A command-line tool to get valuable information out of AWS CloudTrail
A command-line tool to get valuable information out of AWS CloudTrail - flosell/trailscraper
🔥1
🔴 Announcing Sensitive Actions to help keep accounts secure
Google introduced Sensitive Actions, a new way to understand user account behaviour. They are changes made in a Google Cloud environment that are security relevant, and therefore important to be aware of and evaluate.
https://cloud.google.com/blog/products/identity-security/announcing-sensitive-actions-to-help-keep-accounts-secure
#gcp
Google introduced Sensitive Actions, a new way to understand user account behaviour. They are changes made in a Google Cloud environment that are security relevant, and therefore important to be aware of and evaluate.
https://cloud.google.com/blog/products/identity-security/announcing-sensitive-actions-to-help-keep-accounts-secure
#gcp
🔥2
🔶 cloudandthings/terraform-aws-clickops-notifier
Get notified when users are taking actions in the AWS Console.
https://github.com/cloudandthings/terraform-aws-clickops-notifier
#aws
Get notified when users are taking actions in the AWS Console.
https://github.com/cloudandthings/terraform-aws-clickops-notifier
#aws
GitHub
GitHub - cloudandthings/terraform-aws-clickops-notifier: Get notified when actions are taken in the AWS Console.
Get notified when actions are taken in the AWS Console. - cloudandthings/terraform-aws-clickops-notifier
🔥2
🔶 Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles
IAM Access Analyzer policy generation creates fine-grained policies based on your AWS CloudTrail access activity—for example, the actions you use with ECS, Lambda and S3. AWS has expanded policy generation capabilities to support the identification of actions used from over 140 services, including CloudFormation, DynamoDB, and SQS.
https://aws.amazon.com/ru/blogs/security/use-iam-access-analyzer-policy-generation-to-grant-fine-grained-permissions-for-your-aws-cloudformation-service-roles
IAM Access Analyzer policy generation creates fine-grained policies based on your AWS CloudTrail access activity—for example, the actions you use with ECS, Lambda and S3. AWS has expanded policy generation capabilities to support the identification of actions used from over 140 services, including CloudFormation, DynamoDB, and SQS.
https://aws.amazon.com/ru/blogs/security/use-iam-access-analyzer-policy-generation-to-grant-fine-grained-permissions-for-your-aws-cloudformation-service-roles
🔥1
🔷 CosMiss: Azure Cosmos DB Vulnerability
The Orca Research team has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from Cosmos DB Notebooks.
https://orca.security/resources/blog/cosmiss-vulnerability-azure-cosmos-db
#azure
The Orca Research team has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from Cosmos DB Notebooks.
https://orca.security/resources/blog/cosmiss-vulnerability-azure-cosmos-db
#azure
🔥2
🔶🔴 Exploiting Static Site Generators: When Static Is Not Actually Static
The Assetnote security research team found vulnerabilities in static site generators (such as GatsbyJS and NextJS) and associated platforms (Netlify and GatsbyJS Cloud), which enabled SSRF.
https://blog.assetnote.io/2022/10/28/exploiting-static-site-generators
#aws #gcp
The Assetnote security research team found vulnerabilities in static site generators (such as GatsbyJS and NextJS) and associated platforms (Netlify and GatsbyJS Cloud), which enabled SSRF.
https://blog.assetnote.io/2022/10/28/exploiting-static-site-generators
#aws #gcp
🔥2
🔶 Internet Egress Filtering of Services at Lyft
How the Security team of Lyft achieved egress network traffic filtering for all their services.
https://eng.lyft.com/internet-egress-filtering-of-services-at-lyft-72e99e29a4d9?gi=983e70aa4ceb
#aws
How the Security team of Lyft achieved egress network traffic filtering for all their services.
https://eng.lyft.com/internet-egress-filtering-of-services-at-lyft-72e99e29a4d9?gi=983e70aa4ceb
#aws
🔥2
🔶 Vault DR with AWS Lambda for Sub-Minute Recovery
How YNAP used AWS Lambda functions to reduce the disaster recovery time for HashiCorp Vault to mere seconds.
https://www.hashicorp.com/resources/vault-dr-with-aws-lambda-for-sub-minute-recovery
#aws
How YNAP used AWS Lambda functions to reduce the disaster recovery time for HashiCorp Vault to mere seconds.
https://www.hashicorp.com/resources/vault-dr-with-aws-lambda-for-sub-minute-recovery
#aws
HashiCorp
Vault DR with AWS Lambda for Sub-Minute Recovery
Hear how YNAP used AWS Lambda functions to reduce the disaster recovery time for HashiCorp Vault to mere seconds.
👍2🔥1
🔶 AWS security assessment: what scanners are missing and how threat modeling may help you?
SoftServe’s Pawel Rzepa discusses what scanners are missing and why he think tools cannot fully replace a human assessor in performing an effective AWS security assessment. Key points: scanners lack context, more findings don’t mean a better result, scanners may have security check gaps, skipped data flows and relations. Address these gaps via threat modeling.
https://towardsaws.com/aws-security-assessment-what-scanners-are-missing-and-how-threat-modeling-may-help-you-6a76c1c843f3
#aws
SoftServe’s Pawel Rzepa discusses what scanners are missing and why he think tools cannot fully replace a human assessor in performing an effective AWS security assessment. Key points: scanners lack context, more findings don’t mean a better result, scanners may have security check gaps, skipped data flows and relations. Address these gaps via threat modeling.
https://towardsaws.com/aws-security-assessment-what-scanners-are-missing-and-how-threat-modeling-may-help-you-6a76c1c843f3
#aws
👍3
🔷 Bypassing Azure AD home tenant MFA and CA
Because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants.
https://aadinternals.com/post/ests
#azure
Because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants.
https://aadinternals.com/post/ests
#azure
🔥2