🔶 Building an AWS GuardDuty Alert Triage Age
This article explores building an AI agent for AWS GuardDuty alert triage using PydanticAI, demonstrating how LLMs can assist in security automation while maintaining human oversight for alert assessment.
https://dev.to/aws-builders/building-an-aws-guardduty-alert-triage-agent-51e9
#aws
This article explores building an AI agent for AWS GuardDuty alert triage using PydanticAI, demonstrating how LLMs can assist in security automation while maintaining human oversight for alert assessment.
https://dev.to/aws-builders/building-an-aws-guardduty-alert-triage-agent-51e9
#aws
❤2👍1🔥1
🔶🔷🔴 Cloud Threat Horizons Report
The Google Cloud Threat Horizons Report provides decision-makers with strategic intelligence on threats to not just Google Cloud, but all cloud service providers.
https://services.google.com/fh/files/misc/cloud_threat_horizons_report_h22025.pdf
(Use VPN to open from Russia)
#aws #azure #gcp
The Google Cloud Threat Horizons Report provides decision-makers with strategic intelligence on threats to not just Google Cloud, but all cloud service providers.
https://services.google.com/fh/files/misc/cloud_threat_horizons_report_h22025.pdf
(Use VPN to open from Russia)
#aws #azure #gcp
❤1👍1🔥1
🔶 An Arrow to the Heel: Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory
Discover critical AWS Managed Active Directory security vulnerabilities enabling RBCD attacks via ms-ds-MachineAccountQuota. Learn mitigation strategies and detection methods for AWS Directory Service environments.
https://permiso.io/blog/abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-active-directory
(Use VPN to open from Russia)
#aws
Discover critical AWS Managed Active Directory security vulnerabilities enabling RBCD attacks via ms-ds-MachineAccountQuota. Learn mitigation strategies and detection methods for AWS Directory Service environments.
https://permiso.io/blog/abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-active-directory
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Aren't AWS Cloud Investigations the same as On-Prem? - Part 1 (AWS EC2)
Mini-series to discuss the similarities and differences of AWS Cloud vs. on-premises investigations, starting with the AWS EC2 service.
https://chesterlebron.blogspot.com/2025/07/arent-aws-cloud-investigations-same-as-on-prem-part-1.html
#aws
Mini-series to discuss the similarities and differences of AWS Cloud vs. on-premises investigations, starting with the AWS EC2 service.
https://chesterlebron.blogspot.com/2025/07/arent-aws-cloud-investigations-same-as-on-prem-part-1.html
#aws
❤2👍1🔥1
🔶 AWS AgentCore: The Overlooked Privilege Escalation Path in Bedrock's AI Tooling
Deep-dive into a privilege escalation path in AWS's new Bedrock AgentCore tooling, specifically the Code Interpreters used by AI agents.
https://sonraisecurity.com/blog/aws-agentcore-privilege-escalation-bedrock-scp-fix/
(Use VPN to open from Russia)
#aws
Deep-dive into a privilege escalation path in AWS's new Bedrock AgentCore tooling, specifically the Code Interpreters used by AI agents.
https://sonraisecurity.com/blog/aws-agentcore-privilege-escalation-bedrock-scp-fix/
(Use VPN to open from Russia)
#aws
🔥2❤1👍1
This article explores techniques for extracting credentials from Azure DevOps pipelines, including workload identity federation tokens and service connection secrets, while discussing potential impacts on Terraform Cloud and GitHub resources.
https://labs.reversec.com/posts/2025/07/breaking-down-azure-devops-techniques-for-extracting-pipeline-credentials
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔴 Introducing Google Cloud Setup
Google Cloud Setup helps you quickly implement a robust cloud foundation based on recommended best practices, to get up and running quickly.
https://cloud.google.com/blog/products/devops-sre/introducing-google-cloud-setup/
(Use VPN to open from Russia)
#gcp
Google Cloud Setup helps you quickly implement a robust cloud foundation based on recommended best practices, to get up and running quickly.
https://cloud.google.com/blog/products/devops-sre/introducing-google-cloud-setup/
(Use VPN to open from Russia)
#gcp
👍3❤1🔥1
🔶 Secure file sharing solutions in AWS: A security and cost analysis guide
Securely share sensitive data with time-limited, nonce-enhanced presigned URLs that prevent replay attacks, minimizing exposure risks through granular access controls and rigorous monitoring.
https://aws.amazon.com/ru/blogs/security/how-to-securely-transfer-files-with-presigned-urls/
(Use VPN to open from Russia)
#aws
Securely share sensitive data with time-limited, nonce-enhanced presigned URLs that prevent replay attacks, minimizing exposure risks through granular access controls and rigorous monitoring.
https://aws.amazon.com/ru/blogs/security/how-to-securely-transfer-files-with-presigned-urls/
(Use VPN to open from Russia)
#aws
❤2👍1🔥1
🔶 Secure file sharing solutions in AWS: A security and cost analysis guide: Part 2
In this second part of a two-part post, you can learn about multiple solutions for secure file sharing using AWS services and the pros and cons of each.
https://aws.amazon.com/ru/blogs/security/secure-file-sharing-solutions-in-aws-a-security-and-cost-analysis-guide-part-2/
(Use VPN to open from Russia)
#aws
In this second part of a two-part post, you can learn about multiple solutions for secure file sharing using AWS services and the pros and cons of each.
https://aws.amazon.com/ru/blogs/security/secure-file-sharing-solutions-in-aws-a-security-and-cost-analysis-guide-part-2/
(Use VPN to open from Russia)
#aws
❤2👍1🔥1
🔶 Implementing Defense-in-Depth Security for AWS CodeBuild Pipelines
Key points include understanding webhook configurations, establishing trust boundaries, and implementing least-privilege access.
https://aws.amazon.com/ru/blogs/security/implementing-defense-security-for-aws-codebuild-pipelines/
(Use VPN to open from Russia)
#aws
Key points include understanding webhook configurations, establishing trust boundaries, and implementing least-privilege access.
https://aws.amazon.com/ru/blogs/security/implementing-defense-security-for-aws-codebuild-pipelines/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Under the Hood of Amazon ECS on EC2: Agents, IAM Roles, and Task Isolation | Naor Haziz
This deep-dive explores Amazon ECS on EC2's internals, focusing on the ECS agent's role, IAM credential delivery mechanisms, and task isolation boundaries between containers sharing the same host.
https://naorhaziz.com/posts/under-the-hood-of-amazon-ecs/
#aws
This deep-dive explores Amazon ECS on EC2's internals, focusing on the ECS agent's role, IAM credential delivery mechanisms, and task isolation boundaries between containers sharing the same host.
https://naorhaziz.com/posts/under-the-hood-of-amazon-ecs/
#aws
❤1👍1🔥1
🔶 ECScape: Understanding IAM Privilege Boundaries in Amazon ECS
This article details "ECScape," a technique allowing malicious containers in Amazon ECS to steal IAM credentials from other tasks on shared EC2 hosts by impersonating the ECS agent's control plane connection.
https://www.sweet.security/blog/ecscape-understanding-iam-privilege-boundaries-in-amazon-ecs
#aws
This article details "ECScape," a technique allowing malicious containers in Amazon ECS to steal IAM credentials from other tasks on shared EC2 hosts by impersonating the ECS agent's control plane connection.
https://www.sweet.security/blog/ecscape-understanding-iam-privilege-boundaries-in-amazon-ecs
#aws
❤2👍1🔥1
The Praetoran Labs team researched initial access vectors for red team engagements, focusing on malicious applications distributed through platforms like the Microsoft Store, including OAuth applications and malicious Outlook extensions.
https://www.praetorian.com/blog/oauthseeker-leveraging-oauth-phishing-for-initial-access-and-lateral-movement-on-red-team-engagements/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 Malware analysis on AWS: Setting up a secure environment
The basic steps to build isolated sandbox environments, robust security controls, and proper monitoring policies to safely analyze malware.
https://aws.amazon.com/ru/blogs/security/malware-analysis-on-aws-setting-up-a-secure-environment/
#aws
The basic steps to build isolated sandbox environments, robust security controls, and proper monitoring policies to safely analyze malware.
https://aws.amazon.com/ru/blogs/security/malware-analysis-on-aws-setting-up-a-secure-environment/
#aws
❤2👍2🔥2
🔶 Introducing AWS Cloud Control API MCP Server
This MCP server allows to create, read, update, delete, and list resources using natural language.
https://aws.amazon.com/ru/blogs/devops/introducing-aws-cloud-control-api-mcp-server-natural-language-infrastructure-management-on-aws/
(Use VPN to open from Russia)
#aws
This MCP server allows to create, read, update, delete, and list resources using natural language.
https://aws.amazon.com/ru/blogs/devops/introducing-aws-cloud-control-api-mcp-server-natural-language-infrastructure-management-on-aws/
(Use VPN to open from Russia)
#aws
🔥2❤1👍1
🔶 Using AWS Certificate Manager as a covert exfiltration mechanism
This article demonstrates how AWS Certificate Manager can be exploited as a data exfiltration mechanism by storing arbitrary data in X.509 certificates' nsComments extension, allowing up to 2MB per certificate.
https://me.costaskou.com/articles/acmfs/
#aws
This article demonstrates how AWS Certificate Manager can be exploited as a data exfiltration mechanism by storing arbitrary data in X.509 certificates' nsComments extension, allowing up to 2MB per certificate.
https://me.costaskou.com/articles/acmfs/
#aws
❤1👍1🔥1
🔶 Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
https://securitylabs.datadoghq.com/articles/enumerating-aws-the-quiet-way-cloudtrail-free-discovery-with-resource-explorer/
#aws
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
https://securitylabs.datadoghq.com/articles/enumerating-aws-the-quiet-way-cloudtrail-free-discovery-with-resource-explorer/
#aws
❤1👍1🔥1
🔶 Another ECS Privilege Escalation Path
Post covering a privilege escalation vector which relies on using functionality designed for the ECS agent to self-register a compromised EC2 and override a task definition.
https://labs.reversec.com/posts/2025/08/another-ecs-privilege-escalation-path
#aws
Post covering a privilege escalation vector which relies on using functionality designed for the ECS agent to self-register a compromised EC2 and override a task definition.
https://labs.reversec.com/posts/2025/08/another-ecs-privilege-escalation-path
#aws
❤1👍1🔥1
🔴 Now available: Cloud HSM as an encryption key service for Workspace client-side encryption
To help highly-regulated organizations meet their encryption key service obligation, Google is now offering Cloud HSM for Google Workspace CSE customers.
https://cloud.google.com/blog/products/identity-security/introducing-cloud-hsm-as-an-encryption-key-service-for-workspace-cse/
#gcp
To help highly-regulated organizations meet their encryption key service obligation, Google is now offering Cloud HSM for Google Workspace CSE customers.
https://cloud.google.com/blog/products/identity-security/introducing-cloud-hsm-as-an-encryption-key-service-for-workspace-cse/
#gcp
👍2❤1🔥1
🔴 From silos to synergy: New Compliance Manager, now in preview
Google Cloud Compliance Manager, now in preview, can help simplify and enhance how organizations manage security, privacy, and compliance in the cloud.
https://cloud.google.com/blog/products/identity-security/streamline-auditing-compliance-manager-is-now-in-preview/
#gcp
Google Cloud Compliance Manager, now in preview, can help simplify and enhance how organizations manage security, privacy, and compliance in the cloud.
https://cloud.google.com/blog/products/identity-security/streamline-auditing-compliance-manager-is-now-in-preview/
#gcp
❤1👍1🔥1