CloudSec Wine

🔶 Amazon Security Lake A purpose-built service that automatically centralizes an organization's security data from cloud and on-premises sources into a purpose-built data lake stored in your account. https://aws.amazon.com/ru/blogs/aws/preview-amazon-security-lake-a-purpose-built-customer-owned-data-lake-service #aws

🔷 Yet Another Azure VM Persistence Using Bastion Shareable Links These links have no additional authentication and are publicly accessible. https://blog.karims.cloud/2022/11/26/yet-another-azure-vm-persistence.html #azure

🔶 reply-fr/sustainable-personal-accounts Add custom maintenance windows for AWS accounts - purge and prepare resources automatically. https://github.com/reply-fr/sustainable-personal-accounts #aws

🔶 AWS pre:Invent 2022 Chris Farris highlights AWS's interesting and impactful security announcements in the lead-up to AWS re:Invent. https://steampipe.io/blog/pre-invent-2022 #aws

🔶🔴 Email Graffiti: hacking old email Hacking images in old Emails, by registering the buckets or domains they point to, allows to vandalize old emails. https://trufflesecurity.com/blog/email-graffiti #aws #gcp

🔷 A dive into Microsoft Defender for Identity Synacktiv recently analyzed the detection capabilities of Microsoft Defender for Identity, a cloud-based security solution which is the successor of Microsoft Advanced Threat Analytics and part of Microsoft Defender 365. https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html #azure

🔶 A Confused Deputy Vulnerability in AWS AppSync A cross-tenant vulnerability in AWS AppSync, which allowed an attacker to access data in victims' accounts. https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure #aws

🔷 Layers Of Cloud Azure And The Mis Storage Of Secrets Ever wondered how storing secrets in the cloud can go wrong? This talk by Katie Knowles at BSides Toronto 2022 looks at common ways passwords should be stored. https://youtu.be/SmxEvVg6Fe8 #azure

🔶 The Many Ways to Access RDS An overview of RDS access management capabilities along with examples using Terraform. https://blog.symops.com/2022/11/17/rds-access #aws

🔷 Abusing tcp tunneling in Azure Bastion How Azure Bastion Native Client support works, and how an adversary could abuse this feature to perform attacks against Azure VMs over private IP addresses, without having direct network connectivity to the VM. https://codyburkard.com/blog/bastionabuse #azure

🔶 Infosys leaked FullAdminAccess AWS keys on PyPi for over a year They appear to issue AWS keys to developers that are not rotated for several years and store these keys in git. They also don't have a clear place to report security issues like this. https://tomforb.es/infosys-leaked-fulladminaccess-aws-keys-on-pypi-for-over-a-year #aws

🔷 Token tactics: How to prevent, detect, and respond to cloud token theft As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft #azure

🔷 Token tactics: How to prevent, detect, and respond to cloud token theft As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft #azure

🔶 onemorepereira/aws-sso-reporter A tool that uses the AWS SSO API to list all users, accounts, permission sets etc. and dumps it into a CSV file for additional parsing or viewing. https://github.com/onemorepereira/aws-sso-reporter #aws

🔶 AWS Network Firewall Workshop A workshop teaching how to deploy Network Firewall using infrastructure as code. https://catalog.us-east-1.prod.workshops.aws/workshops/58df66b5-ffd5-42dc-9e2c-d5a8ebe360d8/en-US #aws

🔶 FivexL's Reaction to the AWS Security Baseline for Startups FivexL shares its outlook on AWS Security Guidelines for startups. Find out how to improve your AWS security efficiently. https://fivexl.io/blog/fivexl-reaction #aws

🔶 An AWS account just for getting into other AWS accounts This is the AWS account that makes having lots of AWS accounts efficient and safe. It's the most important account in your organization. https://src-bin.com/an-aws-account-just-for-getting-into-other-aws-accounts #aws

🔷 Bypassing Azure AD home tenant MFA and CA Because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants. https://aadinternals.com/post/ests #azure

🔶 AWS security assessment: what scanners are missing and how threat modeling may help you? SoftServe’s Pawel Rzepa discusses what scanners are missing and why he think tools cannot fully replace a human assessor in performing an effective AWS security assessment. Key points: scanners lack context, more findings don’t mean a better result, scanners may have security check gaps, skipped data flows and relations. Address these gaps via threat modeling. https://towardsaws.com/aws-security-assessment-what-scanners-are-missing-and-how-threat-modeling-may-help-you-6a76c1c843f3 #aws

🔶 Vault DR with AWS Lambda for Sub-Minute Recovery How YNAP used AWS Lambda functions to reduce the disaster recovery time for HashiCorp Vault to mere seconds. https://www.hashicorp.com/resources/vault-dr-with-aws-lambda-for-sub-minute-recovery #aws