ru
Feedback
CloudSec Wine

CloudSec Wine

Открыть в Telegram

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Больше
2 239
Подписчики
+424 часа
+117 дней
+1530 день
Архив постов
🔴 Introducing Security Command Center Enterprise Security Command Center Enterprise is the first multicloud risk management
🔴 Introducing Security Command Center Enterprise Security Command Center Enterprise is the first multicloud risk management solution that fuses AI-powered SecOps with cloud security. https://cloud.google.com/blog/products/identity-security/introducing-security-command-center-enterprise #gcp

🔶 The Missing Guide to AWS API Gateway Access Logs Learn the what, why, and how of API Gateway access logs. https://www.alex
🔶 The Missing Guide to AWS API Gateway Access Logs Learn the what, why, and how of API Gateway access logs. https://www.alexdebrie.com/posts/api-gateway-access-logs/ #aws

🔶 Introducing the AWS WAF traffic overview dashboard Post introducing the new dashboards and delve into a few use cases to h
🔶 Introducing the AWS WAF traffic overview dashboard Post introducing the new dashboards and delve into a few use cases to help you gain better visibility into the overall security of your applications using AWS WAF and make informed decisions based on insights from the dashboards. https://aws.amazon.com/ru/blogs/security/introducing-the-aws-waf-traffic-overview-dashboard/ #aws

Яндекс делает закрытую вечеринку от команды информационной безопасности Yet Another Security Night 27 марта в 18:00 Только оф
Яндекс делает закрытую вечеринку от команды информационной безопасности Yet Another Security Night 27 марта в 18:00 Только офлайн в Москве и в Питере Мы приглашаем к себе в гости в офис на Льва Толстого в Москве и атмосферную локацию на набережной в Питере, где: ▫️Эксперты Яндекса расскажут про: - Яндекс in-house: один день из жизни инженера СИБ, Спартак Свасян - Уязвимости бизнес-логики, которые могут стоить вам миллионы, Азиз Алимов ▫️Бизнес игра - погружение во внутренние процессы команды в комфортном режиме ▫️Много нетворкинга и знакомств с нашими экспертами ▫️Афтерпати с DJ-сетом, крафтовыми напитками и настольным футболом Получите приглашение - регистрация открыта! Реклама. ООО "Яндекс", ИНН 7736207543 #advertising

🔶 The AWS S3 Denial of Wallet amplification attack If you publicly host large data files on AWS S3 and pay for AWS transfer
🔶 The AWS S3 Denial of Wallet amplification attack If you publicly host large data files on AWS S3 and pay for AWS transfer costs, you may be vulnerable to a "Denial of Wallet" amplification attack. https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d (Use VPN to open from Russia) #aws

👩‍💻 The mystery of the EnrichedOffice365AuditLogs solved With Global Secure Access enabled access to the Microsoft 365 serv
👩‍💻 The mystery of the EnrichedOffice365AuditLogs solved With Global Secure Access enabled access to the Microsoft 365 services such as SharePoint/OneDrive will be recorded in the EnrichedOffice365AuditLogs. https://www.invictus-ir.com/news/the-mystery-of-the-enrichedoffice365auditlogs-solved #azure

👩‍💻 Meet Silver SAML: Golden SAML in the Cloud Semperis researchers have discovered Silver SAML: a new application of Golde
👩‍💻 Meet Silver SAML: Golden SAML in the Cloud Semperis researchers have discovered Silver SAML: a new application of Golden SAML that can be exploited in Entra ID and without AD FS. https://www.semperis.com/blog/meet-silver-saml/ #azure

🔴 From Lighthouse to Loran - Navigating GCP Security Auditing Tools Set sail on a secure journey through Google Cloud Platfo
🔴 From Lighthouse to Loran - Navigating GCP Security Auditing Tools Set sail on a secure journey through Google Cloud Platform with built-in and open-source auditing tools. https://alexmorgan.uk/blog/from-lighthouse-to-loran---navigating-gcp-security-auditing-tools/ #gcp

🎉🥳 Dear women of our community! We would like to congratulate you on International Women's Day! We wish you to remain a sou
🎉🥳 Dear women of our community! We would like to congratulate you on International Women's Day! We wish you to remain a source of inspiration so that we, men, make clouds even safer) 🔶 Whoever has time this holiday - we recommend reading the post «Enhance container software supply chain visibility through SBOM export with Amazon Inspector and QuickSight». How to can export software bills of materials (SBOMs) for your containers by using an AWS native service, Amazon Inspector, and visualize the SBOMs through Amazon QuickSight. https://aws.amazon.com/ru/blogs/security/enhance-container-software-supply-chain-visibility-through-sbom-export-with-amazon-inspector-and-quicksight/ #aws

👩‍💻 Extracting Sensitive Information from the Azure Batch Service Attackers with Reader access to Batch can: read sensitive
👩‍💻 Extracting Sensitive Information from the Azure Batch Service Attackers with Reader access to Batch can: read sensitive data from job outputs and gain access to SAS tokens for Storage Account files attached to the jobs. https://www.netspi.com/blog/technical/cloud-penetration-testing/extracting-sensitive-information-from-azure-batch-service/ #azure

🔶 The state of ABAC on AWS (in 2024) Scott Piper checked in on «The state of ABAC on AWS» back in 2020. Things are only a li
🔶 The state of ABAC on AWS (in 2024) Scott Piper checked in on «The state of ABAC on AWS» back in 2020. Things are only a little better. https://ramimac.me/abac #aws

🔶🔷🔴 Navigating the Cloud: Exploring Lateral Movement Techniques Some lateral movement techniques observed in the wild with
🔶🔷🔴 Navigating the Cloud: Exploring Lateral Movement Techniques Some lateral movement techniques observed in the wild within cloud environments. https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/ #aws #azure #gcp

🔶 Security Centralization for AWS Multi-account using Native Services Post going through native tools that we can utilize to
🔶 Security Centralization for AWS Multi-account using Native Services Post going through native tools that we can utilize to centralize compliance, logging, monitoring, and user & access management through multi-accounts in an organization. https://www.infracloud.io/blogs/security-centralization-aws-multi-account-using-native-services/ #aws

🔷 How to be IR prepared in Azure This blog demystifies Azure's sometimes complicated logging methods, outlining which logs s
🔷 How to be IR prepared in Azure This blog demystifies Azure's sometimes complicated logging methods, outlining which logs should be enabled and how to enable them. https://www.cadosecurity.com/how-to-be-ir-prepared-in-azure/ #azure

🔷 How I bypassed the control plane in Azure OpenAI The Trust on Cloud team discovered a way to allow the management of Azure
🔷 How I bypassed the control plane in Azure OpenAI The Trust on Cloud team discovered a way to allow the management of Azure OpenAI deployments via the Data Plane, resulting in the loss of major security controls. https://trustoncloud.com/how-i-bypassed-the-control-plane-in-azure-openai/ #azure

🔷 Pivoting from Microsoft Cloud to On-Premise Machines This article demonstrates one situation discovered during a recent cl
🔷 Pivoting from Microsoft Cloud to On-Premise Machines This article demonstrates one situation discovered during a recent cloud penetration test that allowed the team to pivot from a Microsoft cloud environment to on-premise machines via PSRemoting. https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/ #azure

🔶 Detecting Manual AWS Actions: An Update! An updated version of how to detect manual AWS actions from employees. https://ar
🔶 Detecting Manual AWS Actions: An Update! An updated version of how to detect manual AWS actions from employees. https://arkadiyt.com/2024/02/18/detecting-manual-aws-actions-an-update/ #aws

🔶 A few notes on AWS Nitro Enclaves: Images and attestation The AWS Nitro Enclaves platform lacks thorough documentation and
🔶 A few notes on AWS Nitro Enclaves: Images and attestation The AWS Nitro Enclaves platform lacks thorough documentation and mature tooling. So the Trail of Bits team decided to do some deep research into it to fill in some of the documentation gaps and, most importantly, to find security footguns and offer some advice for avoiding them. https://blog.trailofbits.com/2024/02/16/a-few-notes-on-aws-nitro-enclaves-images-and-attestation/ #aws

🔶 How to be IR Prepared in AWS This blog aims to demystify AWS' sometimes complicated logging methods to help organizations
🔶 How to be IR Prepared in AWS This blog aims to demystify AWS' sometimes complicated logging methods to help organizations prepare for when a security incident occurs, outlining which logs should be enabled for the purpose of incident investigations. https://www.cadosecurity.com/how-to-be-ir-prepared-in-aws/ #aws

🔶 (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup The author re
🔶 (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup The author reviews infrastructure decisions over four years at a startup, covering successful choices and regrets, emphasizing AWS, EKS, managed services, automation, and the value of early adoption and GitOps. https://cep.dev/posts/every-infrastructure-decision-i-endorse-or-regret-after-4-years-running-infrastructure-at-a-startup/ #aws