es
Feedback
CloudSec Wine

CloudSec Wine

Ir al canal en Telegram

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Mostrar más
2 228
Suscriptores
Sin datos24 horas
+17 días
+330 días
Archivo de publicaciones
🔸How we prevented subdomain takeovers and saved $000s Blog post describing new open source tool for protecting cloud infrastructure from subdomain takeover, using AWS Lambda functions integrated with Amazon Route53. https://tech.ovoenergy.com/how-we-prevented-subdomain-takeovers-and-saved-000s/ #aws

​​AWS Security Reference Architecture (AWS SRA) — документ по комплексной настройке сервисов безопасности в мульти-аккаунтной среде: https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/welcome.html Although we rely on a one-page diagram as our foundation, an architecture goes deeper than a single block diagram and must be built on a well-structured foundation of fundamentals and security principles. You can use this document in two ways: as a narrative or as a reference. #security

🔸Security Implications of AWS API Gateway Lambda Authorizers and IAM Wildcard Expansion Tenchi Security’s Alexandre Sieira a
🔸Security Implications of AWS API Gateway Lambda Authorizers and IAM Wildcard Expansion Tenchi Security’s Alexandre Sieira and Leonardo Viveiros describe how wildcard expansion when specifying HTTP verbs and paths that are allowed can potentially expose things you did not intend. Man, sometimes AWS feels like Complexity/Footguns-as-a-Service. Like Intuit lobbying against making taxes easier because it’s not in their financial interests. https://www.tenchisecurity.com/blog/thefaultinourstars #aws

🔸AWS Accounts as Security Boundaries - 97+Ways Data Can be Shared Across Accounts Security teams cannot simply rely on the AWS account boundary to limit access between environments. Instead, they must carefully audit IAM policies, resource policies, Organization membership, RAM shares, service-level integrations, and sometimes combinations of one of more of these options, in order to properly evaluate how data from one account is being sent to others. https://matthewdf10.medium.com/aws-accounts-as-security-boundaries-97-ways-data-can-be-shared-across-accounts-b933ce9c837e #aws

🔸Protecting Amazon S3 Data from Ransomware Ransomware targeting S3 is more than likely to simply delete your data and claim that it's being held ransom than actually encrypting it https://securingthe.cloud/aws/protecting-amazon-s3-data-from-ransomware/ #aws

🔸🔴Access Service: Temporary Access to the Cloud How the Segment Security Engineering Team approaches access to AWS/GCP roles and SaaS apps, and how they implemented a time-based, peer-reviewed access. https://segment.com/blog/access-service/ #aws #gcp

🔸iam-service-account-controller Kubernetes controller that automatically manages AWS IAM roles for ServiceAccounts. https://github.com/ovotech/iam-service-account-controller #aws

🔸AWS Visibility & Enforcement A cheatsheet of a number of useful tools for getting visibility into your cloud environment and continuously enforcing security policies, by Marco Lancini. https://cloudsecdocs.com/aws/devops/tooling/visibility/ #aws

🔸Retrieving AWS security credentials from the AWS console How to retrieve AWS security credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN) when authenticated in the AWS Console. https://blog.christophetd.fr/retrieving-aws-security-credentials-from-the-aws-console/ #aws

🔸Top ten AWS identity health checks to improve security in the cloud Ten recommended AWS identity health checks which can he
🔸Top ten AWS identity health checks to improve security in the cloud Ten recommended AWS identity health checks which can help you understand your IAM health, prioritize improvements to your IAM implementation, and operationalize effective access management processes. https://k9security.io/docs/aws-identity-health-checks/ #aws

🔸The Ten Riskiest AWS Misconfigurations #aws

photo content

🔹The 10 Most Common Azure Configuration Challenge #azure

photo content

🔴Lateral Movement & Privilege Escalation in GCP; Compromise Organizations without Dropping an Implant "In this talk, we'll demonstrate several techniques to perform identity compromise via the ActAs permission, privilege escalation, lateral movement, and widespread project compromise in Google Cloud. We will also release tools for exploitation." https://youtu.be/kyqeBGNSEIc #gcp

CISO’s Guide to Cloud Security Transformation New whitepaper by GCP covering: “prepare your company culture for cloud security, evolve how your company works, evolve key security roles and responsibilities, and design your security operating model.” https://cloud.google.com/blog/products/identity-security/cisos-guide-to-cloud-security-transformation

🔸Security Logging in Cloud Environments - AWS Post by Marco Lancini describing how to design a multi-account security-relate
🔸Security Logging in Cloud Environments - AWS Post by Marco Lancini describing how to design a multi-account security-related logging platform in AWS. He discusses various services (CloudTrail, CloudWatch, GuardDuty, Config), access logs, collecting logs, long-term storage and audit trail, and monitoring and alerting. https://www.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/ #aws

AWS Certified Security Study Guide.pdf18.99 MB