CloudSec Wine

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Post archive
👩‍💻 Abusing FIDO2 passkeys to take over Global Administrators in Entra ID Microsoft has recently published a Graph API that allows administrators to pre-provision passkeys for users. From an offensive security point of view this raises the question whether this functionality can be abused to take over accounts. https://www.secura.com/services/information-technology/vapt/what-can-be-pentested/cloud-pentesting/abusing-fido2-passkeys #azure

🔶 How AWS enforcement code logic evaluates requests to allow or deny access AWS updated the IAM policy evaluation chart. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-denyallow.html (Use VPN to open from Russia) #aws

🔶 Unauthorized tactic spotlight: Initial access through a third-party identity provider Some of the recent techniques used by threat actors that leverage specific customer configurations or design to make unauthorized use of resources within an AWS account. https://aws.amazon.com/ru/blogs/security/unauthorized-tactic-spotlight-initial-access-through-a-third-party-identity-provider/ (Use VPN to open from Russia) #aws

🔶 Implement effective data authorization mechanisms to secure your data used in generative AI applications Post walking through the risks associated with using sensitive data as part of fine-tuning for FMs, retrieval augmented generation (RAG), AI agents, and tooling with generative AI workloads. https://aws.amazon.com/ru/blogs/security/implement-effective-data-authorization-mechanisms-to-secure-your-data-used-in-generative-ai-applications/ (Use VPN to open from Russia) #aws

🔴 Filling up the DagBag: Privilege Escalation in Google Cloud Composer An attacker that has write access to the Cloud Composer environment's dedicated bucket can gain command execution in the Composer environment. https://www.netspi.com/blog/technical-blog/cloud-pentesting/privilege-escalation-google-cloud-composer/ #gcp

🔶 How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access The process involves using API actions like CreateTrustAnchor and CreateProfile to facilitate the exploitation. https://medium.com/@adan.alvarez/how-attackers-can-abuse-iam-roles-anywhere-for-persistent-aws-access-b3ced6935dca (Use VPN to open from Russia) #aws

🔶 Building an AppRunner on EC2 with Cloudflare Zero Trust Access How to automate the deployment of a private AppRunner instance on AWS that hosts multiple internal apps securely behind Cloudflare's zero-trust access controls. https://blog.marcolancini.it/2024/blog-building-apprunner-ec2-cloudflare-zero-trust-access/ #aws

🔶 I bought us-east-1.com: A Look at Security, DNS Traffic, and Protecting AWS Users When people think about the term «us-east-1», they often think of AWS's very data center region that powers countless businesses worldwide. But what if someone registered the us-east-1.com domain? https://dev.to/aws-builders/i-bought-us-east-1com-a-look-at-security-dns-traffic-and-protecting-aws-users-15ng #aws

🔶 EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files This campaign used multiple private tools that abused multiple misconfigured web services, allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation. https://sysdig.com/blog/emeraldwhale/ (Use VPN to open from Russia) #aws

🔶 Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy The article explores how threat actors manage to work around the limitations of the quarantine policy (AWSCompromisedKeyQuarantineV2) that is applied to identities whose credentials are leaked. https://permiso.io/blog/introducing-detention-dodger #aws

🔴 Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends This post offers a deep dive into Google Cloud's default service accounts, explaining their functionality, risks, and real-world adoption trends. https://securitylabs.datadoghq.com/articles/google-cloud-default-service-accounts/ #gcp

🔶 AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover. https://www.aquasec.com/blog/aws-cdk-risk-exploiting-a-missing-s3-bucket-allowed-account-takeover/ #aws

🔶 How to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub How to integrate Amazon Detective with AWS Security Hub, giving you better visibility into threat indicators and investigative data directly from Security Hub, which provides you with a centralized view of your overall security posture across your AWS accounts. https://aws.amazon.com/ru/blogs/security/how-to-use-the-amazon-detective-api-to-investigate-guardduty-security-findings-and-enrich-data-in-security-hub/ (Use VPN to open from Russia) #aws

🔶 How to use interface VPC endpoints to meet your security objectives Four security objectives that VPC endpoints help you achieve. https://aws.amazon.com/ru/blogs/security/how-to-use-interface-vpc-endpoints-to-meet-your-security-objectives/ (Use VPN to open from Russia) #aws

🔶 How to build a Security Guardians program to distribute security ownership Post outlining the steps to follow to build your own Security Guardians program for your organization. https://aws.amazon.com/ru/blogs/security/how-to-build-your-own-security-guardians-program/ (Use VPN to open from Russia) #aws

🔶 AWS IAM Policy Condition Operators Explained There are 27 basic condition operators you can use in an AWS IAM policy. Then you can add "ForAllValues" or "ForAnyValue" to the beginning and "IfExists" to the end of almost all of them. https://iam.cloudcopilot.io/resources/operators #aws

🔶 Security Logging in Cloud Environments - AWS The author has refreshed the article, which covers how to design a state-of-the-art multi-account security logging platform in AWS: removed stale links and legacy advice on MFA delete, added API Gateway access logs, and added a "Tracking Misconfigurations" section. https://blog.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/ #aws

🔶 Perfecting Ransomware on AWS - Using "keys to the kingdom" to change the locks This article discusses the shift from traditional data dumping in compromised AWS accounts to utilizing AWS KMS features for ransomware attacks. https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802 #aws

🔶 CloudShell slip-up: command-line access to underlying AWS infrastructure Incident Overview: During a cloud security training session, a delegate encountered an unexpected AWS account identity while using CloudShell. https://medium.com/@paulschwarzenberger/cloudshell-slip-up-command-line-access-to-underlying-aws-infrastructure-ae77a0858088 #aws