ch
Feedback
CloudSec Wine

CloudSec Wine

前往频道在 Telegram

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

显示更多
2 239
订阅者
+424 小时
+117
+1530
帖子存档
🔶 AWS ECR Public Vulnerability A vulnerability that allowed external actors to delete, update, and create ECR Public images,
🔶 AWS ECR Public Vulnerability A vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS Accounts, by abusing undocumented internal ECR Public API actions. https://blog.lightspin.io/aws-ecr-public-vulnerability #aws

🔴 ine-labs/GCPGoat A vulnerable by design infrastructure on GCP featuring the latest released OWASP Top 10 web application s
🔴 ine-labs/GCPGoat A vulnerable by design infrastructure on GCP featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, Storage Bucket, Cloud Functions and Compute Engine. https://github.com/ine-labs/GCPGoat #gcp

🔶🔷🔴 Visualizing Multi Cloud IAM Concepts Some diagrams to understand key AWS, Azure and GCP IAM concepts and terminology.
🔶🔷🔴 Visualizing Multi Cloud IAM Concepts Some diagrams to understand key AWS, Azure and GCP IAM concepts and terminology. https://julian-wieg.medium.com/visualizing-multi-cloud-iam-concepts-63525967c0a7 #aws #azure #gcp

🔷 Palantir's FIDO2 secure implementation rollout The second in a series by Palantir InfoSec on their journey enforcing FIDO2
🔷 Palantir's FIDO2 secure implementation rollout The second in a series by Palantir InfoSec on their journey enforcing FIDO2 authentication via hardware authenticators (YubiKeys) across all of Palantir. https://blog.palantir.com/technical-controls-rollout-and-edge-cases-passwordless-authentication-series-2-c9b6dcd349e #azure

🔶 Recap of AWS re:Invent 2022: An Honest Review Properly assess whether all those announcements should mean anything to you;
🔶 Recap of AWS re:Invent 2022: An Honest Review Properly assess whether all those announcements should mean anything to you; here's the ultimate AWS re:Invent 2022 recap you were looking for. https://www.resmo.com/blog/aws-reinvent-2022-recap #aws

🔷 Explore the new Learn Kubernetes with Google website The new website Learn Kubernetes with Google brings together under on
🔷 Explore the new Learn Kubernetes with Google website The new website Learn Kubernetes with Google brings together under one roof the guidance of Kubernetes experts, both from Google and across the industry, to communicate the latest trends in building your Kubernetes infrastructure. https://opensource.googleblog.com/2022/11/explore-new-learn-kubernetes-with-google-website.html #azure

🔶 Protect Sensitive Data with Amazon CloudWatch Logs A new set of capabilities for Amazon CloudWatch Logs that leverage patt
🔶 Protect Sensitive Data with Amazon CloudWatch Logs A new set of capabilities for Amazon CloudWatch Logs that leverage pattern matching and machine learning (ML) to detect and protect sensitive log data in transit. https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure #aws

🔷 Low-latency fraud detection with Cloud Bigtable Explore the end to end flow of detecting fraudulent payments with a low-la
🔷 Low-latency fraud detection with Cloud Bigtable Explore the end to end flow of detecting fraudulent payments with a low-latency and horizontally scalable system powered by tools like Bigtable. https://cloud.google.com/blog/products/databases/fraud-detection-with-cloud-bigtable #azure

🔶 Amazon Security Lake A purpose-built service that automatically centralizes an organization's security data from cloud and
🔶 Amazon Security Lake A purpose-built service that automatically centralizes an organization's security data from cloud and on-premises sources into a purpose-built data lake stored in your account. https://aws.amazon.com/ru/blogs/aws/preview-amazon-security-lake-a-purpose-built-customer-owned-data-lake-service #aws

🔷 Yet Another Azure VM Persistence Using Bastion Shareable Links These links have no additional authentication and are publi
🔷 Yet Another Azure VM Persistence Using Bastion Shareable Links These links have no additional authentication and are publicly accessible. https://blog.karims.cloud/2022/11/26/yet-another-azure-vm-persistence.html #azure

🔶 reply-fr/sustainable-personal-accounts Add custom maintenance windows for AWS accounts - purge and prepare resources autom
🔶 reply-fr/sustainable-personal-accounts Add custom maintenance windows for AWS accounts - purge and prepare resources automatically. https://github.com/reply-fr/sustainable-personal-accounts #aws

🔶 AWS pre:Invent 2022 Chris Farris highlights AWS's interesting and impactful security announcements in the lead-up to AWS r
🔶 AWS pre:Invent 2022 Chris Farris highlights AWS's interesting and impactful security announcements in the lead-up to AWS re:Invent. https://steampipe.io/blog/pre-invent-2022 #aws

🔶🔴 Email Graffiti: hacking old email Hacking images in old Emails, by registering the buckets or domains they point to, all
🔶🔴 Email Graffiti: hacking old email Hacking images in old Emails, by registering the buckets or domains they point to, allows to vandalize old emails. https://trufflesecurity.com/blog/email-graffiti #aws #gcp

🔷 A dive into Microsoft Defender for Identity Synacktiv recently analyzed the detection capabilities of Microsoft Defender f
🔷 A dive into Microsoft Defender for Identity Synacktiv recently analyzed the detection capabilities of Microsoft Defender for Identity, a cloud-based security solution which is the successor of Microsoft Advanced Threat Analytics and part of Microsoft Defender 365. https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html #azure

🔶 A Confused Deputy Vulnerability in AWS AppSync A cross-tenant vulnerability in AWS AppSync, which allowed an attacker to a
🔶 A Confused Deputy Vulnerability in AWS AppSync A cross-tenant vulnerability in AWS AppSync, which allowed an attacker to access data in victims' accounts. https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure #aws

🔷 Layers Of Cloud Azure And The Mis Storage Of Secrets Ever wondered how storing secrets in the cloud can go wrong? This talk by Katie Knowles at BSides Toronto 2022 looks at common ways passwords should be stored. https://youtu.be/SmxEvVg6Fe8 #azure

🔶 The Many Ways to Access RDS An overview of RDS access management capabilities along with examples using Terraform. https:/
🔶 The Many Ways to Access RDS An overview of RDS access management capabilities along with examples using Terraform. https://blog.symops.com/2022/11/17/rds-access #aws

🔷 Abusing tcp tunneling in Azure Bastion How Azure Bastion Native Client support works, and how an adversary could abuse thi
🔷 Abusing tcp tunneling in Azure Bastion How Azure Bastion Native Client support works, and how an adversary could abuse this feature to perform attacks against Azure VMs over private IP addresses, without having direct network connectivity to the VM. https://codyburkard.com/blog/bastionabuse #azure

🔶 Infosys leaked FullAdminAccess AWS keys on PyPi for over a year They appear to issue AWS keys to developers that are not r
🔶 Infosys leaked FullAdminAccess AWS keys on PyPi for over a year They appear to issue AWS keys to developers that are not rotated for several years and store these keys in git. They also don't have a clear place to report security issues like this. https://tomforb.es/infosys-leaked-fulladminaccess-aws-keys-on-pypi-for-over-a-year #aws

🔷 Token tactics: How to prevent, detect, and respond to cloud token theft As organizations increase their coverage of multif
🔷 Token tactics: How to prevent, detect, and respond to cloud token theft As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft #azure