CloudSec Wine
All about cloud security. Contacts: @AMark0f @dvyakimov. About DevSecOps: @sec_devops
2 228 subscribers
Post archive
🔶 When and where to use IAM permissions boundaries
AWS’s Umair Rehmat covers common use cases for permissions boundaries, some best practices to consider, and a few things to avoid.
https://aws.amazon.com/ru/blogs/security/when-and-where-to-use-iam-permissions-boundaries
#aws
🔶 AWS Startup Security Baseline
Guidance by AWS’ Jay Michael on a set of controls that create a minimum foundation for businesses to build securely on AWS without decreasing their agility.
https://docs.aws.amazon.com/prescriptive-guidance/latest/aws-startup-security-baseline/welcome.html
#aws
🔷 Azure/aztfy
A tool to bring existing Azure resources under Terraform’s management.
https://github.com/Azure/aztfy
#azure
🔶🔷🔴 Securing Cloud Services against Squatting Attacks
Post discussing the root causes of cloud squatting from an IT practitioner's perspective and demonstrating the steps companies can take to harden their infrastructure.
https://pauley.me/post/2022/secure-cloud-decomissioning
#aws #azure #gcp
🔶🔷🔴 google/cloud-forensics-utils
A Python library to carry out DFIR analysis on the cloud. Currently supports GCP, Azure, and AWS.
https://github.com/google/cloud-forensics-utils
#aws #azure #gcp
🔶 A Review of the AWS Security Model
AWS have released their own security maturity model, but does it stack up against what we're seeing in real-world attacks and in the approaches being suggested by the rest of the AWS security community?
https://www.nojones.net/posts/a-review-of-the-aws-security-maturity-model
#aws
🔷 Automating Azure Abuse Research
A step-by-step process for automating Azure abuse research, with examples for Azure Virtual Machines and their Managed Identities.
https://posts.specterops.io/automating-azure-abuse-research-part-1-30b0eca33418
#azure
🔶🔷🔴 A Look Into Public Clouds From the Ransomware Actor's Perspective
Article exploring how ransomware threat actors might operate in cloud environments, and what approaches they might use to attack and impact resources in public clouds.
https://unit42.paloaltonetworks.com/ransomware-in-public-clouds
#aws #azure #gcp
🔶🔴 Implementing Secure Code in the Cloud
Learn how to implement security in the cloud at the application layer.
https://scalesec.com/blog/implementing-secure-code-in-the-cloud
#aws #gcp
🔶 Zero Maintenance AWS Canary Tokens That Scale
By utilizing temporary credentials (credentials returned as the result of the AssumeRole operation) as honeytokens, we can deploy a honeytoken approach that scales with our environment, utilize existing detection mechanisms (CloudTrail alerting), and remove the need to run a set of infrastructure dedicated to managing IAM Users.
https://medium.com/@williambengtson/zero-maintenance-aws-canary-tokens-that-scale-b470c6f60da
#aws
🔴 Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms
Researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges. You can also read GKE's response.
https://static.sched.com/hosted_files/kccnceu2022/35/Trampoline%20Pods_%20Node%20to%20Admin%20PrivEsc%20Built%20Into%20Popular%20K8s%20Platforms.pptx.pdf
https://security.googleblog.com/2022/05/privileged-pod-escalations-in.html
#gcp
🔶 Learning from AWS Customer Security Incidents [2022]
Slides of a post discussing the public catalog of AWS Customer Security Incidents, covering over twenty different public breaches. It walks through the technical details of these attacks, establishes the common root causes, looks at lessons learned, and establishes how you can proactively secure your environment against these real-world risks.
https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022
#aws
🔶 GitHub Actions signing Lambda code
A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.
https://alsmola.medium.com/github-actions-signing-lambda-code-5b7444299b
#aws
🔶 Securing AWS Lambda function URLs
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
https://www.wiz.io/blog/securing-aws-lambda-function-urls
#aws
🔶 TOOLS THAT USE AWS LOGS TO HELP WITH LEAST PRIVILEGE
This article explores a few tools that use AWS logs to help you create least privilege policies. Getting to the right policies can be an ongoing game of whack-a-mole and no tool can generate perfect policies with no effort. They all require you to put thought into your approach and do last-mile tweaking but they can help with the toil.
https://blog.symops.com/2022/05/06/least-privilege-policies-from-aws-logs
#aws
🔶 Security reference architecture for a serverless application
A walkthrough of security controls for a serverless architecture via a demo application.
https://anunay-bhatt.medium.com/security-reference-architecture-for-a-serverless-application-2fcd25b1d5e2
#aws
🔷 Azure Synapse Security Advisory - Orca Security
Orca Security issued a security advisory to address hazards in the use of the Microsoft Azure Synapse service. It is believed the tenant separation in this service is insufficiently robust to protect secrets against other tenants.
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory
#azure
🔴 How many of your GCP buckets are publicly accessible? It might be more than you think...
A thorough examination of Google Cloud Platform's (GCP) storage service, how to access buckets, and how to make sure your buckets are configured as intended.
https://blog.lightspin.io/gcp-buckets-publicly-accessible
#gcp
🔶 Tools That Use AWS Logs to Help with Least Privilege
Great overview by Sym’s Adam Buggia on resources and tools for creating least privilege IAM policies. He discusses deriving AWS policies from CloudTrail Data vs designing policies using Client Side Monitoring (and their respective trade-offs), and how to generate policies for a Terraform Project using Localstack.
https://blog.symops.com/2022/05/06/least-privilege-policies-from-aws-logs
#aws
