CloudSec Wine

🔶 ECScape: Understanding IAM Privilege Boundaries in Amazon ECS This article details "ECScape," a technique allowing malicious containers in Amazon ECS to steal IAM credentials from other tasks on shared EC2 hosts by impersonating the ECS agent's control plane connection. https://www.sweet.security/blog/ecscape-understanding-iam-privilege-boundaries-in-amazon-ecs #aws

🔶 Under the Hood of Amazon ECS on EC2: Agents, IAM Roles, and Task Isolation | Naor Haziz This deep-dive explores Amazon ECS on EC2's internals, focusing on the ECS agent's role, IAM credential delivery mechanisms, and task isolation boundaries between containers sharing the same host. https://naorhaziz.com/posts/under-the-hood-of-amazon-ecs/ #aws

🔶 Implementing Defense-in-Depth Security for AWS CodeBuild Pipelines Key points include understanding webhook configurations, establishing trust boundaries, and implementing least-privilege access. https://aws.amazon.com/ru/blogs/security/implementing-defense-security-for-aws-codebuild-pipelines/ (Use VPN to open from Russia) #aws

🔶 Secure file sharing solutions in AWS: A security and cost analysis guide: Part 2 In this second part of a two-part post, you can learn about multiple solutions for secure file sharing using AWS services and the pros and cons of each. https://aws.amazon.com/ru/blogs/security/secure-file-sharing-solutions-in-aws-a-security-and-cost-analysis-guide-part-2/ (Use VPN to open from Russia) #aws

🔶 Secure file sharing solutions in AWS: A security and cost analysis guide Securely share sensitive data with time-limited, nonce-enhanced presigned URLs that prevent replay attacks, minimizing exposure risks through granular access controls and rigorous monitoring. https://aws.amazon.com/ru/blogs/security/how-to-securely-transfer-files-with-presigned-urls/ (Use VPN to open from Russia) #aws

🔴 Introducing Google Cloud Setup Google Cloud Setup helps you quickly implement a robust cloud foundation based on recommended best practices, to get up and running quickly. https://cloud.google.com/blog/products/devops-sre/introducing-google-cloud-setup/ (Use VPN to open from Russia) #gcp

👩‍💻 Breaking Down Azure DevOps: Techniques for Extracting Pipeline Credentials This article explores techniques for extracting credentials from Azure DevOps pipelines, including workload identity federation tokens and service connection secrets, while discussing potential impacts on Terraform Cloud and GitHub resources. https://labs.reversec.com/posts/2025/07/breaking-down-azure-devops-techniques-for-extracting-pipeline-credentials #azure

🔶 AWS AgentCore: The Overlooked Privilege Escalation Path in Bedrock's AI Tooling Deep-dive into a privilege escalation path in AWS's new Bedrock AgentCore tooling, specifically the Code Interpreters used by AI agents. https://sonraisecurity.com/blog/aws-agentcore-privilege-escalation-bedrock-scp-fix/ (Use VPN to open from Russia) #aws

🔶 Aren't AWS Cloud Investigations the same as On-Prem? - Part 1 (AWS EC2) Mini-series to discuss the similarities and differences of AWS Cloud vs. on-premises investigations, starting with the AWS EC2 service. https://chesterlebron.blogspot.com/2025/07/arent-aws-cloud-investigations-same-as-on-prem-part-1.html #aws

🔶 An Arrow to the Heel: Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory Discover critical AWS Managed Active Directory security vulnerabilities enabling RBCD attacks via ms-ds-MachineAccountQuota. Learn mitigation strategies and detection methods for AWS Directory Service environments. https://permiso.io/blog/abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-active-directory (Use VPN to open from Russia) #aws

🔶🔷🔴 Cloud Threat Horizons Report The Google Cloud Threat Horizons Report provides decision-makers with strategic intelligence on threats to not just Google Cloud, but all cloud service providers. https://services.google.com/fh/files/misc/cloud_threat_horizons_report_h22025.pdf (Use VPN to open from Russia) #aws #azure #gcp

🔶 Building an AWS GuardDuty Alert Triage Age This article explores building an AI agent for AWS GuardDuty alert triage using PydanticAI, demonstrating how LLMs can assist in security automation while maintaining human oversight for alert assessment. https://dev.to/aws-builders/building-an-aws-guardduty-alert-triage-agent-51e9 #aws

🔴 How to enable Secure Boot for your AI workloads Secure Boot can help protect AI from the moment GPU-accelerated workloads power up. Here's how to use it on Google Cloud. https://cloud.google.com/blog/products/identity-security/how-to-enable-secure-boot-for-your-ai-workloads/ #gcp

🔶 Implement monitoring for Amazon EKS with managed services This solution demonstrates building an EKS platform that combines flexible compute options with enterprise-grade observability using AWS native services and OpenTelemetry. https://aws.amazon.com/ru/blogs/architecture/implement-monitoring-for-amazon-eks-with-managed-services/ (Use VPN to open from Russia) #aws

👩‍💻 Introducing Microsoft Sentinel data lake Sentinel data lake, rolling out in Public Preview, giving security teams a powerful, cost-effective way to unify, retain, and analyze all security data. https://techcommunity.microsoft.com/blog/microsoft-security-blog/introducing-microsoft-sentinel-data-lake/4434280 #azure

🔴 Zigazoo too, Another Firebase Boogaloo Zigazoo, a social network for kids, has been found to have significant security vulnerabilities, including unauthorized access to user records, content, and account escalation, all related to Firebase. https://amenbreakpoint.com/posts/zigazoo/ #gcp

🔴 Searching for Secrets in Public GCP Images Truffle Security scanned 8,400+ public GCP images and did not find a single exposed secret. https://trufflesecurity.com/blog/guest-post-gcp-cloudquarry-searching-for-secrets-in-public-gcp-images (Use VPN to open from Russia) #gcp

🔶 Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory Post discussing several critical AWS Managed Active Directory security vulnerabilities enabling RBCD attacks via ms-ds-MachineAccountQuota. https://permiso.io/blog/abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-active-directory #aws

👩‍💻 I SPy: Escalating to Entra ID's Global Admin with a first-party app Backdooring Microsoft's applications is far from over. A vulnerable, built-in SP that could have allowed escalation from Application Administrator to any hybrid tenant user, including Global Admin, was discovered. https://securitylabs.datadoghq.com/articles/i-spy-escalating-to-entra-id-global-admin/ #azure