ar
Feedback
CloudSec Wine

CloudSec Wine

الذهاب إلى القناة على Telegram

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

إظهار المزيد
2 235
المشتركون
-124 ساعات
+57 أيام
+1230 أيام
أرشيف المشاركات
🔷 Abusing tcp tunneling in Azure Bastion How Azure Bastion Native Client support works, and how an adversary could abuse thi
🔷 Abusing tcp tunneling in Azure Bastion How Azure Bastion Native Client support works, and how an adversary could abuse this feature to perform attacks against Azure VMs over private IP addresses, without having direct network connectivity to the VM. https://codyburkard.com/blog/bastionabuse #azure

🔶 Infosys leaked FullAdminAccess AWS keys on PyPi for over a year They appear to issue AWS keys to developers that are not r
🔶 Infosys leaked FullAdminAccess AWS keys on PyPi for over a year They appear to issue AWS keys to developers that are not rotated for several years and store these keys in git. They also don't have a clear place to report security issues like this. https://tomforb.es/infosys-leaked-fulladminaccess-aws-keys-on-pypi-for-over-a-year #aws

🔷 Token tactics: How to prevent, detect, and respond to cloud token theft As organizations increase their coverage of multif
🔷 Token tactics: How to prevent, detect, and respond to cloud token theft As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft #azure

🔷 Token tactics: How to prevent, detect, and respond to cloud token theft As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft #azure

🔶 onemorepereira/aws-sso-reporter A tool that uses the AWS SSO API to list all users, accounts, permission sets etc. and dum
🔶 onemorepereira/aws-sso-reporter A tool that uses the AWS SSO API to list all users, accounts, permission sets etc. and dumps it into a CSV file for additional parsing or viewing. https://github.com/onemorepereira/aws-sso-reporter #aws

🔶 AWS Network Firewall Workshop A workshop teaching how to deploy Network Firewall using infrastructure as code. https://cat
🔶 AWS Network Firewall Workshop A workshop teaching how to deploy Network Firewall using infrastructure as code. https://catalog.us-east-1.prod.workshops.aws/workshops/58df66b5-ffd5-42dc-9e2c-d5a8ebe360d8/en-US #aws

🔶 FivexL's Reaction to the AWS Security Baseline for Startups FivexL shares its outlook on AWS Security Guidelines for startups. Find out how to improve your AWS security efficiently. https://fivexl.io/blog/fivexl-reaction #aws

🔶 An AWS account just for getting into other AWS accounts This is the AWS account that makes having lots of AWS accounts efficient and safe. It's the most important account in your organization. https://src-bin.com/an-aws-account-just-for-getting-into-other-aws-accounts #aws

🔷 Bypassing Azure AD home tenant MFA and CA Because of the Azure AD authentication platform architecture, users can bypass h
🔷 Bypassing Azure AD home tenant MFA and CA Because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants. https://aadinternals.com/post/ests #azure

🔶 AWS security assessment: what scanners are missing and how threat modeling may help you? SoftServe’s Pawel Rzepa discusses
🔶 AWS security assessment: what scanners are missing and how threat modeling may help you? SoftServe’s Pawel Rzepa discusses what scanners are missing and why he think tools cannot fully replace a human assessor in performing an effective AWS security assessment. Key points: scanners lack context, more findings don’t mean a better result, scanners may have security check gaps, skipped data flows and relations. Address these gaps via threat modeling. https://towardsaws.com/aws-security-assessment-what-scanners-are-missing-and-how-threat-modeling-may-help-you-6a76c1c843f3 #aws

🔶 Vault DR with AWS Lambda for Sub-Minute Recovery How YNAP used AWS Lambda functions to reduce the disaster recovery time for HashiCorp Vault to mere seconds. https://www.hashicorp.com/resources/vault-dr-with-aws-lambda-for-sub-minute-recovery #aws

🔶 Internet Egress Filtering of Services at Lyft How the Security team of Lyft achieved egress network traffic filtering for
🔶 Internet Egress Filtering of Services at Lyft How the Security team of Lyft achieved egress network traffic filtering for all their services. https://eng.lyft.com/internet-egress-filtering-of-services-at-lyft-72e99e29a4d9?gi=983e70aa4ceb #aws

🔶🔴 Exploiting Static Site Generators: When Static Is Not Actually Static The Assetnote security research team found vulnerabilities in static site generators (such as GatsbyJS and NextJS) and associated platforms (Netlify and GatsbyJS Cloud), which enabled SSRF. https://blog.assetnote.io/2022/10/28/exploiting-static-site-generators #aws #gcp

🔷 CosMiss: Azure Cosmos DB Vulnerability The Orca Research team has discovered CosMiss, a vulnerability in Microsoft Azure C
🔷 CosMiss: Azure Cosmos DB Vulnerability The Orca Research team has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from Cosmos DB Notebooks. https://orca.security/resources/blog/cosmiss-vulnerability-azure-cosmos-db #azure

🔶 Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles IAM
🔶 Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles IAM Access Analyzer policy generation creates fine-grained policies based on your AWS CloudTrail access activity—for example, the actions you use with ECS, Lambda and S3. AWS has expanded policy generation capabilities to support the identification of actions used from over 140 services, including CloudFormation, DynamoDB, and SQS. https://aws.amazon.com/ru/blogs/security/use-iam-access-analyzer-policy-generation-to-grant-fine-grained-permissions-for-your-aws-cloudformation-service-roles

🔶 cloudandthings/terraform-aws-clickops-notifier Get notified when users are taking actions in the AWS Console. https://github.com/cloudandthings/terraform-aws-clickops-notifier #aws

🔴 Announcing Sensitive Actions to help keep accounts secure Google introduced Sensitive Actions, a new way to understand use
🔴 Announcing Sensitive Actions to help keep accounts secure Google introduced Sensitive Actions, a new way to understand user account behaviour. They are changes made in a Google Cloud environment that are security relevant, and therefore important to be aware of and evaluate. https://cloud.google.com/blog/products/identity-security/announcing-sensitive-actions-to-help-keep-accounts-secure #gcp

🔶 flosell/trailscraper By Thoughtworks’s Florian Sellmayr: A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies. https://github.com/flosell/trailscraper #aws

🔶 AWS Security Groups Guide Knowing how security groups & NACLs work together is extremely important for controlling network
🔶 AWS Security Groups Guide Knowing how security groups & NACLs work together is extremely important for controlling network traffic to your instances & subnets. https://sysdig.com/blog/aws-security-groups-guide (Use VPN if you can’t open it) #aws

🔶 Enrich AWS account data in Microsoft Sentinel As organisations are integrating Amazon Web Services data sources with Micro
🔶 Enrich AWS account data in Microsoft Sentinel As organisations are integrating Amazon Web Services data sources with Microsoft Sentinel, many are facing a common problem: how to identify AWS resources and handle contextual data such as AWS account information for alerts and incidents? https://secopslab.fi/2022-10-microsoftsentinel-awswatchlist #aws