CloudSec Wine
All about cloud security. Contacts: @AMark0f @dvyakimov. About DevSecOps: @sec_devops
🔷Sky's the Limit: Stratus Red Team for Azure
A write-up on using Stratus Red Team for testing threat detection rules.
https://blog.detect.dev/posts/azure_for_stratus.html
#azure
🔶CloudGoat Scenario: Avoiding AWS Security Detection and Response
This will walk through the CloudGoat AWS detection_evasion scenario, detailing how to avoid AWS security detection and response services, such as in Lambda.
https://rhinosecuritylabs.com/cloud-security/cloudgoat-detection_evasion-walkthrough
#aws
🔷FabricScape: Escaping Service Fabric and Taking Over the Cluster
FabricScape (CVE-2022-30137) is a privilege escalation vulnerability in Microsoft's Service Fabric, which allowed cross-tenant root access built out of unprivileged processes.
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137
#azure
🔴 Google Cloud Security Overview
A bird's eye view of the Google Cloud Security Services, illustrated via sketchnotes.
https://cloud.google.com/blog/topics/developers-practitioners/google-cloud-security-overview
#gcp
🔷Establish security boundaries in your on-prem AD and Azure environment
A high-level explanation of how to implement security boundaries in an on-prem AD and Azure environment to protect your critical assets based on the principle of tiered administration, including how BloodHound can help you in the process.
https://posts.specterops.io/establish-security-boundaries-in-your-on-prem-ad-and-azure-environment-dcb44498cfc2
#azure
🔶Anatomy of an Attack: Exposed keys to Crypto Mining
Blog detailing the activity associated with a low-sophistication crypto mining incident caused by exposed keys.
https://permiso.io/blog/s/anatomy-of-attack-exposed-keys-to-crypto-mining
#aws
🔶🔷🔴 Cloud Risk Encyclopedia
1200+ cloud security risks, 3 cloud platforms, 47 compliance frameworks, 18 risk categories, 4 risk levels.
https://orca.security/resources/cloud-risk-encyclopedia
#aws #azure #gcp
🔷Office 365 Functionalities that can Ransom Files
Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive.
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
#azure
🔶AWS IAM Security Best Practices
A post going through a few top rules and best practices in AWS IAM.
https://blog.gitguardian.com/aws-iam-security-best-practices
#aws
🔶 Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS
With this analysis, Tempest researchers identified at least 41 actions that can lead to improper data access.
https://sidechannel.blog/en/unwanted-permissions-that-may-impact-security-when-using-the-readonlyaccess-policy-in-aws
#aws
🔴 Incident report: Spotting an attacker in GCP
A walkthrough of how an attacker gained access to a customer's GCP environment, Expel's investigative process, and some key takeaways for securing your organization.
https://expel.com/blog/incident-report-spotting-an-attacker-in-gcp
#gcp
🔷 SynLapse - Technical Details for Critical Azure Synapse Vulnerability
This blog describes the technical details of SynLapse, a critical Synapse Analytics vulnerability in Microsoft Azure which allowed attackers to bypass tenant separation.
https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability
#azure
🔶🔷🔴 The cloud gray zone: secret agents installed by cloud service providers
Wiz Research details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors.
https://www.wiz.io/blog/the-cloud-gray-zone-secret-agents-installed-by-cloud-service-providers
#aws #azure #gcp
🔴 An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane
The biggest risk in cloud development is not recognizing the differences between cloud and traditional definitions of common architecture terms.
https://www.mitiga.io/blog/misconfiguration-hidden-dangers-cloud-control-plane
#gcp
🔶🔷🔴 cloud-middleware-dataset
This project contains cloud middleware (i.e. agents installed by cloud security providers) used across the major cloud service providers (Azure, AWS and GCP).
https://github.com/wiz-sec/cloud-middleware-dataset
#aws #azure #gcp
🔶 Use CloudTrail to Pivot to AWS Accounts
How to utilize the AWS CloudTrail service to discover other AWS accounts that you could pivot to.
https://bishopfox.com/blog/cloudtrail-pivot-to-aws-accounts
#aws
🔴 Enumeration and lateral movement in GCP environments
A pentest write-up describing how it was possible to compromise a hybrid GCP-hosted infrastructure using native GCP tools.
https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794
#gcp
🔷 Managed Identity Attack Paths, Part 1: Automation Accounts
A three-part blog series exploring attack paths that emerge out of Managed Identity assignments in three Azure services.
https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a
#azure
🔴 How to Think about Threat Detection in the Cloud
Google’s Anton Chuvakin and Tim Peacock share their views on a foundational framework for thinking about threat detection in public cloud computing.
https://medium.com/anton-on-security/how-to-think-about-threat-detection-in-the-cloud-1baff902afe5
#gcp
