CloudSec Wine

🔶 Monitoring your EKS clusters audit logs A plugin has replaced the way Falco consumes the Audit Logs generated by a K8s API server. With these plugins, Falco covers more in depth the aspects of your infrastructure and allows you to use a single syntax for rules. https://falco.org/blog/k8saudit-eks-plugin/ #aws

👩‍💻 Hunting in Azure subscriptions This blog post covers various strategies and methodologies to help understand the scope and complexity of how threat actors' manoeuvre within Azure subscriptions. https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/hunting-in-azure-subscriptions/ba-p/4125875 #azure

🔴 Introducing Google Security Operations: Intel-driven, AI-powered SecOps At RSA, Google announced AI innovations across the Google Cloud Security portfolio, including Google Threat Intelligence, and the latest release of Google Security Operations https://cloud.google.com/blog/products/identity-security/introducing-google-security-operations-intel-driven-ai-powered-secops-at-rsa/ #gcp

🔶 AWS Application Load Balancer mTLS with open-source cloud CA A step-by-step guide on implementing mTLS for AWS Application Load Balancer using an open-source cloud CA. https://medium.com/@paulschwarzenberger/aws-application-load-balancer-mtls-with-open-source-cloud-ca-277cb40d60c7 (Use VPN to open from Russia) #aws

🔶 Detecting Manual Actions in EKS Clusters with Terraform and SNS How to set up audit alerts and monitoring for manual actions in EKS resources, such as ClusterRoleBinding or Secret creation or deletion. https://medium.com/@seifeddinerajhi/detecting-manual-actions-in-eks-clusters-with-terraform-and-sns-65397416c1f9 (Use VPN to open from Russia) #aws

🔶 AWS CloudQuarry: Digging for Secrets in Public AMIs Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. Digging through each AMI they managed to collect 500 GB of credentials, private repositories, access keys and more. https://securitycafe.ro/2024/05/08/aws-cloudquarry-digging-for-secrets-in-public-amis/ #aws

🔶 terraform-aws-slackbot A simple, serverless back end for your Slack app. https://github.com/amancevice/terraform-aws-slackbot #aws

🔶 How an empty S3 bucket can make your AWS bill explode Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning? https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 (Use VPN to open from Russia) #aws

👩‍💻 Arbitrary 1-click Azure tenant takeover via MS application This blog explains how reply URLs in Azure Applications can be used as a vector for phishing. The impact of this can range from data leaks to complete tenant takeover; just by luring a victim into clicking on a link. https://falconforce.nl/arbitrary-1-click-azure-tenant-takeover-via-ms-application/ #azure

👩‍💻 A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja From June 2023 to March 2024, Microsoft Graph was vulnerable to a logging bypass that allowed attackers to perform password-spray attacks undetected. During this period, any organization in Azure could have been attacked and would have had no indication of the activity. https://trustedsec.com/blog/full-disclosure-a-look-at-a-recently-patched-microsoft-graph-logging-bypass-graphninja #azure