CloudSec Wine
رفتن به کانال در Telegram
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
نمایش بیشتر2 228
مشترکین
+124 ساعت
اطلاعاتی وجود ندارد7 روز
+230 روز
آرشیو پست ها
2 228
🔸CSO's Guide to AWS
https://www.mindmeister.com/ru/1678499467/cso-s-guide-to-aws?fullscreen=1
#aws
2 228
🔸AWS Security 2021
https://www.mindmeister.com/ru/1925015344/aws-security-2021?fullscreen=1
#aws
2 228
🔸How we prevented subdomain takeovers and saved $000s
Blog post describing new open source tool for protecting cloud infrastructure from subdomain takeover, using AWS Lambda functions integrated with Amazon Route53.
https://tech.ovoenergy.com/how-we-prevented-subdomain-takeovers-and-saved-000s/
#aws
2 228
AWS Security Reference Architecture (AWS SRA) — документ по комплексной настройке сервисов безопасности в мульти-аккаунтной среде:
https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/welcome.html
Although we rely on a one-page diagram as our foundation, an architecture goes deeper than a single block diagram and must be built on a well-structured foundation of fundamentals and security principles. You can use this document in two ways: as a narrative or as a reference.
#security2 228
🔸Security Implications of AWS API Gateway Lambda Authorizers and IAM Wildcard Expansion
Tenchi Security’s Alexandre Sieira and Leonardo Viveiros describe how wildcard expansion when specifying HTTP verbs and paths that are allowed can potentially expose things you did not intend. Man, sometimes AWS feels like Complexity/Footguns-as-a-Service. Like Intuit lobbying against making taxes easier because it’s not in their financial interests.
https://www.tenchisecurity.com/blog/thefaultinourstars
#aws
2 228
🔸AWS Accounts as Security Boundaries - 97+Ways Data Can be Shared Across Accounts
Security teams cannot simply rely on the AWS account boundary to limit access between environments. Instead, they must carefully audit IAM policies, resource policies, Organization membership, RAM shares, service-level integrations, and sometimes combinations of one of more of these options, in order to properly evaluate how data from one account is being sent to others.
https://matthewdf10.medium.com/aws-accounts-as-security-boundaries-97-ways-data-can-be-shared-across-accounts-b933ce9c837e
#aws
2 228
🔸Protecting Amazon S3 Data from Ransomware
Ransomware targeting S3 is more than likely to simply delete your data and claim that it's being held ransom than actually encrypting it
https://securingthe.cloud/aws/protecting-amazon-s3-data-from-ransomware/
#aws
2 228
🔸🔴Access Service: Temporary Access to the Cloud
How the Segment Security Engineering Team approaches access to AWS/GCP roles and SaaS apps, and how they implemented a time-based, peer-reviewed access.
https://segment.com/blog/access-service/
#aws #gcp
2 228
🔸iam-service-account-controller
Kubernetes controller that automatically manages AWS IAM roles for ServiceAccounts.
https://github.com/ovotech/iam-service-account-controller
#aws
2 228
🔸AWS Visibility & Enforcement
A cheatsheet of a number of useful tools for getting visibility into your cloud environment and continuously enforcing security policies, by Marco Lancini.
https://cloudsecdocs.com/aws/devops/tooling/visibility/
#aws
2 228
🔸Retrieving AWS security credentials from the AWS console
How to retrieve AWS security credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN) when authenticated in the AWS Console.
https://blog.christophetd.fr/retrieving-aws-security-credentials-from-the-aws-console/
#aws
2 228
🔸Top ten AWS identity health checks to improve security in the cloud
Ten recommended AWS identity health checks which can help you understand your IAM health, prioritize improvements to your IAM implementation, and operationalize effective access management processes.
https://k9security.io/docs/aws-identity-health-checks/
#aws
2 228
🔴Lateral Movement & Privilege Escalation in GCP; Compromise Organizations without Dropping an Implant
"In this talk, we'll demonstrate several techniques to perform identity compromise via the ActAs permission, privilege escalation, lateral movement, and widespread project compromise in Google Cloud. We will also release tools for exploitation."
https://youtu.be/kyqeBGNSEIc
#gcp
2 228
CISO’s Guide to Cloud Security Transformation
New whitepaper by GCP covering: “prepare your company culture for cloud security, evolve how your company works, evolve key security roles and responsibilities, and design your security operating model.”
https://cloud.google.com/blog/products/identity-security/cisos-guide-to-cloud-security-transformation
2 228
🔸Security Logging in Cloud Environments - AWS
Post by Marco Lancini describing how to design a multi-account security-related logging platform in AWS. He discusses various services (CloudTrail, CloudWatch, GuardDuty, Config), access logs, collecting logs, long-term storage and audit trail, and monitoring and alerting.
https://www.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/
#aws
اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
