CloudSec Wine

All about cloud security. Contacts: @AMark0f @dvyakimov. About DevSecOps: @sec_devops

Post archive
🔶 CIEM Part 2: Measure risk probability in IAM
Post that tries to classify IAM Roles or IAM User candidates for an attack.
https://www.robertdemeyer.com/post/ciem-part-2-measure-risk-probability-in-iam #aws

🔷 Azure Arc as persistence technique: stealthier than one would think on Linux servers
Post analyzing how using Azure Arc as a persistence vector would work, and what kind of logs it would generate on the host.
https://safecontrols.blog/2023/10/25/azure-arc-as-persistence-technique-stealthier-than-one-would-think-on-linux-servers/ #azure

🔴 GKE/Gmail vulnerability: notes and tips
Security researchers have discovered a new Google Kubernetes Engine misconfiguration that could allow attackers with a basic Gmail account to take control of a Kubernetes (k8s) cluster.
https://expel.com/blog/gke-gmail-vulnerability-notes-and-tips/ #gcp

🔶 The curious case of DangerDev@protonmail.me
An AWS incident response story, including the techniques used by the threat actor.
https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me #aws

🔶 How Zurich Insurance Group built their Scalable Account Vending process using AWS Account Factory for Terraform
By adopting AWS Control Tower Account Factory for Terraform, Zurich were able to achieve the scalability, resilience and performance to support provisioning of a projected 3000+ accounts.
https://aws.amazon.com/ru/blogs/architecture/how-zurich-insurance-group-built-their-scalable-account-vending-process-using-aws-account-factory-for-terraform/ #aws

🔴 Sys:All Google Kubernetes Engine Risk
The Orca Research Pod has discovered a risk in Google Kubernetes Engine (GKE) that would allow an attacker with any Google account to take over a Kubernetes cluster. You can also read the follow-up blog post.
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk/ #gcp

🔶 How least privilege leads to a false sense of security
A view on least privilege which proposes that its application misleads us into a false sense of security.
https://www.robertdemeyer.com/post/ciem-part-1-how-least-privilege-leads-to-a-false-sense-of-security #aws

🔷 Azure Attack Paths
Post shedding some light on known attack paths in an Azure environment.
https://cloudbrothers.info/en/azure-attack-paths/ #azure

🔴 Google Cloud Incident Response Cheat Sheet
A visual lifeline designed to equip you with the crucial steps and resources needed to navigate a GCP security incident.
https://medium.com/google-cloud/google-cloud-incident-response-cheat-sheet-dfde9054ac16 (Use VPN to open from Russia) #gcp

🔷 Azure Logs: Breaking Through the Cloud Cover
Azure Monitor Activity Logs can be difficult to interpret. This blog offers insights into these logs where you'll find an invaluable reference tool and guide designed to demystify Azure's logging complexities.
https://permiso.io/blog/azure-logs-breaking-through-the-cloud-cover #azure

🔶 AWS IAM Roles Anywhere with MacOS Keychain
Create a test Certificate Authority, configure AWS IAM Roles Anywhere and test access to AWS authenticating with a certificate in MacOS Keychain.
https://medium.com/@paulschwarzenberger/aws-iam-roles-anywhere-with-macos-keychain-17764b5fb848 (Use VPN to open from Russia) #aws

🔶 AWS Account Security Onboarding Mind Map
A succinct and structured mind map that could act like a checklist when onboarding new AWS Accounts to an existing AWS Organization.
https://www.linkedin.com/pulse/aws-account-security-onboarding-mind-map-artem-marusov-zrpre/ (Use VPN to open from Russia) #aws

🔶 Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining
Two attacks in an AWS environment that led to crypto mining and data exfiltration.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-ecs-crypto-mining/ #aws

🔶 Automate Cedar policy validation with AWS developer tools
How to use developer tools on AWS to implement a build pipeline that validates the Cedar policy files against a schema and runs a suite of tests to isolate the Cedar policy logic.
https://aws.amazon.com/ru/blogs/security/automate-cedar-policy-validation-with-aws-developer-tools/ #aws

🔷 Automating Managed Identity Token Extraction in Azure Container Registries
The «Tasks» functionality can be abused by attackers to generate tokens for any Managed Identities that are attached to the ACR.
https://www.netspi.com/blog/technical/cloud-penetration-testing/automating-managed-identity-token-extraction-in-azure-container-registries/ #azure

🔶 Fuzzing and Bypassing the AWS WAF
The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event.
https://sysdig.com/blog/fuzzing-and-bypassing-the-aws-waf/ (Use VPN to open from Russia) #aws

🔷 Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors
Discover insights from the Splunk Threat Research Team on Microsoft 365 threat detection, focusing on data source analysis and effective methods for hunting initial access threats.
https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-blue-team-s-guide-to-initial-access-vectors.html (Use VPN to open from Russia) #azure

🔶 Deep dive into AWS CloudShell
AWS CloudShell got a new capability in January 2024: running Docker containers.
https://awsteele.com/blog/2024/01/11/deep-dive-into-aws-cloudshell.html #aws

🔶 Best Practices to help secure your container image build pipeline by using AWS Signer
AWS Signer is a fully managed code-signing service to help ensure the trust and integrity of your code. It helps you verify that the code comes from a trusted source and that an unauthorized party has not accessed it.
https://aws.amazon.com/ru/blogs/security/best-practices-to-help-secure-your-container-image-build-pipeline-by-using-aws-signer/ #aws

🔶 Setting secure AWS defaults and avoiding misconfigurations
Wiz cloud security researcher, Scott Piper, suggests measures organizations can adopt to ensure secure defaults on AWS and improve their security posture.
https://www.wiz.io/blog/how-to-set-secure-defaults-on-aws #aws