CloudSec Wine

🔶 safer-scps Safer AWS Service Control Policies (SCPs) deployments via real-time error monitoring. https://github.com/matthewdfuller/safer-scps #aws

🔶🔴 cloudranger Go library for mapping IP address ranges to cloud provider regions (currently: AWS and GCP). https://github.com/planetscale/cloudranger #aws #gcp

🔶 hidden-services-revealer A tool to map hidden services in AWS. It does this by following the triggered events of a user's actions. https://github.com/tenable/hidden-services-revealer #aws

🙂 Dear friends, this year we have already become more than 2000 people. And this is very cool. Only thanks to you we will make even cooler content. Thank you very much. 🎉 Happy New Year 2025! We wish you success in your personal life and career. Let's make the new year much better than 2024 together! #HappyNewYear

🔶 A small digest of AWS news: 1️⃣ AWS Control Tower launches managed controls using declarative policies These policies are a set of new optional controls that help you consistently enforce the desired configuration for a service. 2️⃣ AWS Config now supports a service-linked recorder AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit. (Use VPN to open from Russia) #aws

🔴 Improve your security posture with expanded Custom Org Policy Administrators can use custom organization policies to set granular resource configurations in order to enhance security posture, address regulatory requirements, and increase operational efficiencies, all without impacting development velocity. https://cloud.google.com/blog/products/identity-security/announcing-expanded-custom-org-policy-portfolio-of-supported-products/ #gcp

🔶 AWS Network Firewall Geographic IP Filtering launch Geographic IP Filtering is a new feature of Network Firewall that you can use to filter traffic based on geographic location and meet compliance requirements. https://aws.amazon.com/ru/blogs/security/aws-network-firewall-geographic-ip-filtering-launch/ (Use VPN to open from Russia) #aws

🔶 A practical guide to getting started with policy as code Post detailing the concepts, processes, and steps to get started with policy as code (PaC) and adopt this into your software development lifecycle. https://aws.amazon.com/ru/blogs/infrastructure-and-automation/a-practical-guide-to-getting-started-with-policy-as-code/ (Use VPN to open from Russia) #aws

🔴 Locking down Cloud Run: Inside Commerzbank's adoption of Custom Org Policies Commerzbank has adopted Google Cloud's Custom Org Policies to enhance security for its Cloud Run environments, addressing the critical need for robust security in financial services. https://cloud.google.com/blog/topics/financial-services/commerzbank-cloud-run-custom-org-policies/ #gcp

🔶 Tales from the cloud trenches: Unwanted visitor A cloud attack targeting Amazon SES, persistence, and a malicious AWS account ID. https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-unwanted-visitor/ #aws

👩‍💻 Log Poisoning in Microsoft Sentinel This article discusses log poisoning attacks against Microsoft Sentinel, explaining how attackers can manipulate logs to evade detection. It covers attack techniques, potential impacts, and mitigation strategies for defenders to protect their SIEM environments. https://akingscote.co.uk/posts/microsoft-sentinel-log-poisoning/ #azure

👩‍💻 Microsoft Azure Cross Tenant Azure AD Domain Join & RBAC Goofiness Microsoft Azure allows Windows Virtual Machines to join an Entra tenant that differs from the hosting tenant, using an Azure AD VM Extension for domain joining. https://akingscote.co.uk/posts/microsoft-azure-cross-tenant-vm-domain-join/ #azure

🔶 Exploring AWS STS AssumeRoot A post from the Elastic team exploring AWS STS AssumeRoot, its risks, detection strategies, and practical scenarios to secure against privilege escalation and account compromise. https://www.elastic.co/security-labs/exploring-aws-sts-assumeroot #aws

🔶🔷🔴 How Adversaries Abuse Serverless Services to Harvest Sensitive Data from Environment Variables How threat actors can exploit sensitive data stored in serverless environment variables in AWS, Azure, GCP and Kubernetes, and the use of cloud-offensive tools for this purpose. https://permiso.io/blog/how-adversaries-abuse-serverless-services-to-harvest-sensitive-data-from-environment-variables #aws #azure #gcp

🔶🔷🔴 How Adversaries Abuse Serverless Services to Harvest Sensitive Data from Environment Variables How threat actors can exploit sensitive data stored in serverless environment variables in AWS, Azure, GCP and Kubernetes, and the use of cloud-offensive tools for this purpose. https://permiso.io/blog/how-adversaries-abuse-serverless-services-to-harvest-sensitive-data-from-environment-variables #aws #azure #gcp

🔶 AWS Clean Rooms now supports multiple clouds and data sources With expanded data sources, AWS Clean Rooms helps customers securely collaborate with their partners' data across clouds, eliminating data movement, safeguarding sensitive information, promoting data freshness, and streamlining cross-company insights. https://aws.amazon.com/ru/blogs/aws/aws-clean-rooms-now-supports-multiple-clouds-and-data-sources/ (Use VPN to open from Russia) #aws

🔴 sftp-gcs An implementation of an SFTP to Google Cloud Storage bridge. https://github.com/kolban-google/sftp-gcs #gcp

🔶 Introducing Amazon GuardDuty Extended Threat Detection: AI/ML attack sequence identification for enhanced cloud security AWS extends GuardDuty with AI/ML capabilities to detect complex attack sequences across workloads, applications, and data, correlating multiple security signals over time for proactive cloud security. https://aws.amazon.com/ru/blogs/aws/introducing-amazon-guardduty-extended-threat-detection-aiml-attack-sequence-identification-for-enhanced-cloud-security/ (Use VPN to open from Russia) #aws

🔶 New AWS Security Incident Response helps organizations respond to and recover from security events AWS introduced a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats. https://aws.amazon.com/ru/blogs/aws/new-aws-security-incident-response-helps-organizations-respond-to-and-recover-from-security-events/ (Use VPN to open from Russia) #aws

🔶 The New PKCE Authentication in AWS SSO Brings Hope (Mostly) Post taking a closer look at the newly-released PKCE support for AWS SSO authentication flows. https://blog.christophetd.fr/pkce-aws-sso/ #aws