CloudSec Wine

🔶 API Keys for Bedrock: A Brief Security Overview This new authentication method for Amazon Bedrock introduces some helpful options, but also brings challenges. https://medium.com/@adan.alvarez/api-keys-for-bedrock-a-brief-security-overview-2133ed9a2b3f (Use VPN to open from Russia) #aws

🔶 Enforcing Least Privilege in AWS IAM with Access Analyzer and Last Access Data A practical guide on enforcing least privilege in AWS IAM by using IAM Access Analyzer and service Last Accessed data. Includes real workflows, auditing strategies, and automation tips. https://thehiddenport.dev/posts/aws-enforcing-least-privilege/ #aws

🔶 Making file encryption fast and secure for teams with advanced key management Dropbox has developed an advanced key management solution to enhance team-based file encryption, addressing the needs of customers with sensitive data, such as those in finance or healthcare. https://dropbox.tech/security/file-encryption-teams-advanced-key-management #aws

🔶 iam-shrink Make AWS IAM policies smaller by adding wildcards to actions. https://github.com/cloud-copilot/iam-shrink (Use VPN to open from Russia) #aws

🔶 sample-visualizing-access-rights-for-identity-on-aws This is a sample solution that demonstrates how to use AWS IAM Identity Center with Neptune to visualize and map relationships between identities and resources. https://github.com/aws-samples/sample-visualizing-access-rights-for-identity-on-aws #aws

🔶 Threat Technique Catalog for AWS The Threat Technique Catalog for AWS describes techniques used by threat actors to take advantage of security misconfigurations or compromised credentials on the customer side ("Security in the Cloud") of the shared responsibility model. https://aws-samples.github.io/threat-technique-catalog-for-aws/ #aws

👩‍💻 Microsoft expands Zero Trust workshop to cover network, SecOps, and more Microsoft announced the expansion of the Zero Trust workshop to cover the additional technical pillars of Zero Trust, assisting customers on strategies that may contribute to securing their network, infrastructure, and connecting all these elements with security operations (SecOps). https://www.microsoft.com/en-us/security/blog/2025/07/09/microsoft-expands-zero-trust-workshop-to-cover-network-secops-and-more/ #azure

👩‍💻 eBPF-based networking & security integration with Microsoft Sentinel This post explores the setup and configuration of Cilium and Tetragon in Azure Kubernetes Service and integrating & monitoring with Microsoft Sentinel. https://akingscote.co.uk/posts/aks-cilium-tetragon-ebpf/ (Use VPN to open from Russia) #azure

👩‍💻 Extracting Sensitive Information from Azure Load Testing The blog discusses techniques for extracting sensitive information from the Azure Load Testing service, which supports Managed Identities for accessing Key Vault entries. https://www.netspi.com/blog/technical-blog/cloud-pentesting/extracting-sensitive-information-azure-load-testing/ (Use VPN to open from Russia) #azure

👩‍💻 Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks Several Azure built-in roles are misconfigured to be over-privileged - they grant more permissions than intended by Azure. https://www.token.security/blog/azures-role-roulette-how-over-privileged-roles-and-api-vulnerabilities-expose-enterprise-networks #azure

👩‍💻 When Backups Open Backdoors: Accessing Sensitive Cloud Data via «Synology Active Backup for Microsoft 365» A leaked credential allowed anyone unauthorized access to all Microsoft tenants of organizations that use Synology's "Active Backup for Microsoft 365" (ABM). https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/ (Use VPN to open from Russia) #azure

👩‍💻 Azure Machine Learning Escalation: When Pipelines Go Off the Rails Orca uncovers a privilege escalation risk in Azure Machine Learning pipelines that could allow attackers to run code and access sensitive data. https://orca.security/resources/blog/azure-machine-learning-privilege-escalation/ #azure

👩‍💻 Requesting Entra ID Tokens with Entra ID SSO Cookies How to use a browser SSO cookie to request Entra ID OAuth tokens and enumerate a target tenant. This technique is useful when a device is not joined to an Entra ID tenant. https://specterops.io/blog/2025/06/27/requesting-entra-id-tokens-with-entra-id-sso-cookies/ #azure

🔶🔴 gcp-oidc-aws A Terraform module that creates a GCP Workload Identity Federation to allow AWS workloads to authenticate to GCP via a GCP Service Account, without storing service account keys. https://github.com/marco-lancini/utils/tree/main/terraform/gcp-oidc-aws #aws #gcp

🔶 The Future of Threat Emulation: Building AI Agents that Hunt Like Cloud Adversaries Exploring the breakthrough potential and emerging risks of AI agents that can autonomously discover and exploit complex AWS attack chains. https://www.offensai.com/blog/the-future-of-threat-emulation-building-ai-agents-that-hunt-like-cloud-adversaries #aws

🔶 Sign in with your eID: Using AWS IAM Roles Anywhere with a SmartCard Reader A fun experiment: the Belgian eID, which includes an authentication certificate, can be utilized to authenticate users without requiring extensive certificate management. https://cloudar.be/awsblog/sign-in-with-your-eid-using-aws-iam-roles-anywhere-with-a-smartcard-reader/ #aws

🔶 JA3 and JA4 Fingerprints in AWS WAF and Beyond This article discusses JA3 and JA4 fingerprints, including how they can be useful across cloud services, and how to use them with AWS WAF. https://engineering.doit.com/ja3-ja4-fingerprints-aws-waf-e2d18dca198a (Use VPN to open from Russia) #aws

👩‍💻 Microsoft Entra ID OAuth Phishing and Detections This article explores OAuth phishing and token-based abuse in Microsoft Entra ID. Through emulation and analysis of tokens, scope, and device behavior during sign-in activity, it surfaces high-fidelity signals defenders can use to detect and hunt for OAuth misuse. https://www.elastic.co/security-labs/entra-id-oauth-phishing-detection #azure

🔶 Unify your security with the new AWS Security Hub for risk prioritization and response at scale Amazon announced the preview release of the new AWS Security Hub which offers additional correlation, contextualization, and visualization capabilities. https://aws.amazon.com/ru/blogs/aws/unify-your-security-with-the-new-aws-security-hub-for-risk-prioritization-and-response-at-scale-preview/ (Use VPN to open from Russia) #aws

🔶 AWS Backup adds new Multi-party approval for logically air-gapped vaults Multi-party approval for AWS Backup logically air-gapped vaults enables organizations to recover their backup data even when their AWS account is compromised, by creating approval teams of trusted individuals who can authorize vault sharing with a recovery account through a separate authentication path. https://aws.amazon.com/ru/blogs/aws/aws-backup-adds-new-multi-party-approval-for-logically-air-gapped-vaults/ (Use VPN to open from Russia) #aws