CloudSec Wine

🔶 A SaaS provider's guide to securely integrating with customers' AWS accounts An opinionated guide on best practices that these vendors should follow to ensure an appropriate level of security when integrating with customers' AWS environments. https://securitylabs.datadoghq.com/articles/securely-integrating-with-customers-aws-accounts/ #aws

👩‍💻 Privilege Elevation in Entra ID: UnOAuthorized This article discusses how attackers can exploit Microsoft applications to gain unauthorized privilege elevation in Active Directory environments, highlighting risks and providing mitigation strategies for administrators to protect against such threats. https://www.semperis.com/blog/unoauthorized-privilege-elevation-through-microsoft-applications/ #azure

🔶 CloudGoat Official Walkthrough Series: glue_privesc This blog post walks through one of the newest CloudGoat scenarios, glue_privesc, where you will attempt to move through an AWS environment and perform privilege escalation against the Glue service in order to capture the flag. https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/ #aws

👩‍💻 Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries EclecticIQ analysts discovered ransomware operations by SCATTERED SPIDER targeting cloud infrastructures within the insurance and financial sectors. https://blog.eclecticiq.com/ransomware-in-the-cloud-scattered-spider-targeting-insurance-and-financial-industries #azure

🔴 Instant snapshots: protect Compute Engine workloads from errors and corruption Compute Engine instant snapshots provide near-instantaneous, high-frequency, point-in-time disk checkpoints that you can rapidly restore if needed. https://cloud.google.com/blog/products/compute/introducing-compute-engine-instant-snapshots #gcp

🔶 Automatically replicate your card payment keys across AWS Regions A cross-Region replication (CRR) solution for card payment keys, with a specific focus on AWS Payment Cryptography. https://aws.amazon.com/ru/blogs/security/automatically-replicate-your-card-payment-keys-across-aws-regions/ (Use VPN to open from Russia) #aws

🔶 Achieving Zero Trust Security on Amazon EKS with Istio Post covering Istio's security mechanisms, which allows to implement a true zero trust security architecture on Amazon EKS. https://aws.amazon.com/ru/blogs/opensource/achieving-zero-trust-security-on-amazon-eks-with-istio/ (Use VPN to open from Russia) #aws

🔶 What's the worst place to leave your secrets? A research into what happens to AWS credentials that are left in public places. https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/ #aws

🔴 Announcing Terraform Google Provider 6.0.0 Key changes in Terraform Google Provider 6.0.0, including opt-out default labels, deletion protection for resources, and longer name prefixes. https://cloud.google.com/blog/products/management-tools/announcing-terraform-google-provider-6-0-0/ #gcp

🔶 My Methodology to AWS Detection Engineering (Part 2: Risk Assignment) Post focusing on the key components that make up the risk assignment rule. https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection.html #aws

🔶 My Methodology to AWS Detection Engineering (Part 1: Object Selection) This article outlines a methodology for AWS detection engineering, focusing on understanding AWS services, identifying potential threats, and developing effective detection strategies using CloudTrail logs and other AWS-native tools. https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection-engineering-part-1.html #aws

🔶 Industrial IAM Service Role Creation A guide to tools for creating AWS IAM service roles. https://ramimac.me/iam-service-roles #aws

🔶 Exposing Security Observability Gaps in AWS Native Security Tooling Post exploring the limitations and effectiveness of AWS IAM Access Analyzer in detecting publicly exposed resources across various AWS services. https://www.securityrunners.io/post/exposing-security-observability-gaps-in-aws #aws

🔶 AWS IAM: A Comprehensive Guide Toward Least Privilege Some AWS mechanisms we can use to achieve more robust permissions on AWS: Organizations, SCPs, IAM Access Analyzer, permission boundaries, and more. https://cyscale.com/blog/aws-iam-least-privilege/ #aws

👩‍💻 AiTM Phishing with Azure Functions A phishing toolkit that runs serverless on Azure, based on Azure Functions to phish some Entra ID credentials and cookies. https://nicolasuter.medium.com/aitm-phishing-with-azure-functions-a1530b52df05 (Use VPN to open from Russia) #azure

🔶 Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments An extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments. https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/ #aws

🔶 An AWS IAM Security Tooling Reference A guide to tools for auditing AWS IAM. https://ramimac.me/aws-iam-tools-2024 #aws

🔶 The Hunt for ALBeast: A Technical Walkthrough A configuration-based vulnerability hidden within thousands of applications using the AWS ALB authentication feature. https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast #aws

🔶 AWS IAM Privilege Escalation Leads to EC2 Ransomware Deployment Post tracing a threat actor's steps through ransomware deployment, vertical (lateral) movement via AWS Systems Manager (SSM), and privilege escalation through IAM abuse. https://medium.com/@adammesser_51095/cloud-digital-forensics-and-incident-response-aws-iam-privilege-escalation-leads-to-ec2-2d787a4e99a7 #aws

🔶 Emerging phishing campaign targeting AWS accounts The Wiz research team detected a phishing campaign targeting AWS accounts using fake sign-in pages. https://www.wiz.io/blog/emerging-phishing-campaign-targeting-aws-accounts #aws