CloudSec Wine


All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Post archive
🔶 Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources The impact of these vulnerabilities ranges from remote code execution (RCE) and full-service user takeover (which might provide powerful administrative access) to manipulation of AI modules, exposure of sensitive data, data exfiltration and denial of service. https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/ #aws

🔶 Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess Preventing anonymous privilege escalation via misconfigured OIDC roles: defensive strategies and AWS's improvements. https://hacktodef.com/addressed-aws-defaults-risks-oidc-terraform-and-anonymous-to-administratoraccess #aws

🔶 Understanding AWS Networking: A Guide for Network Engineers This article provides an overview of AWS networking concepts for network engineers, covering VPCs, subnets, route tables, Internet Gateways, NAT Gateways, and security groups. https://www.robertdemeyer.com/post/understanding-aws-networking-a-guide-for-network-engineers #aws

🔶 SaaS authentication: Identity management with Amazon Cognito user pools Various ways Amazon Cognito user pools can enable multi-tenant identity for SaaS solutions. https://aws.amazon.com/ru/blogs/security/saas-authentication-identity-management-with-amazon-cognito-user-pools/ (Use VPN to open from Russia) #aws

🔶 Tenant portability: Move tenants across tiers in a SaaS application Key considerations include maintaining consistent identities, staying compliant, reducing downtime and automating the process. https://aws.amazon.com/ru/blogs/architecture/tenant-portability-move-tenants-across-tiers-in-a-saas-application/ (Use VPN to open from Russia) #aws

🔶 Federated access to Amazon Athena using AWS IAM Identity Center How to use the Athena JDBC driver to connect to Athena from third-party SQL client tools. https://aws.amazon.com/ru/blogs/security/federated-access-to-amazon-athena-using-aws-iam-identity-center/ (Use VPN to open from Russia) #aws

🔴 Why You Should Disable Your Unauthenticated GKE Read-only Ports Google recommends organizations proactively disable their unauthenticated GKE read-only port 10255. Read more about why this is important and how to ensure all read-only ports are disabled. https://orca.security/resources/blog/disable-unauthenticated-read-ports-gke-kubelet-servers/ #gcp

👩‍💻 Identify and prevent abuse of Managed Identities with Federated Credentials from unauthorized entities Options to identify, monitor and prevent persistent access to Managed Identity privileges gained by adding federated credentials to User-Assigned Managed Identities (UAMI) from malicious or unauthorized entities. https://www.cloud-architekt.net/identify-prevent-abuse-uami-fedcreds/ #azure

🔶 Automate monitoring for your Amazon EKS cluster using CloudWatch Container Insights How to implement Amazon EKS monitoring and alerting using a custom solution that automates EKS observability capabilities for dynamic performance metrics. https://aws.amazon.com/ru/blogs/infrastructure-and-automation/automate-monitoring-for-your-amazon-eks-cluster-using-cloudwatch-container-insights/ (Use VPN to open from Russia) #aws

🔶 Revealing the Inner Structure of AWS Session Tokens A post sharing code and tools to programmatically analyze and modify AWS Session Tokens. https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7 (Use VPN to open from Russia) #aws

🔴 Escalating Privileges in Google Cloud via Open Groups How an attacker can escalate their privileges in Google Cloud by leveraging weak group join settings for groups that have been granted roles in GCP. https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/ #gcp

🔶 Poisoning the SSM Command Document Well A post disclosing risks in using SSM Command Docs for software distribution. https://ramimac.me/poisoning-ssm-command-docs #aws

👩‍💻 A deep dive into Entra ID Identity Protection for Incident Response Identity Protection, and the associated Risky reports, are a quick and easy starting point to check if Microsoft has flagged any risky sign-ins, workloads, or users. https://www.invictus-ir.com/news/a-deep-dive-into-entra-id-identity-protection-for-incident-response #azure

🔶 How to use the AWS Secrets Manager Agent The Secrets Manager Agent is a client-side agent that allows you to standardize consumption of secrets from Secrets Manager across your AWS compute environments. https://aws.amazon.com/ru/blogs/security/how-to-use-the-aws-secrets-manager-agent/ (Use VPN to open from Russia) #aws

🔴 Announcing VPC Service Controls with private IPs to extend data exfiltration protection VPC Service Controls (VPC-SC) creates isolation perimeters around cloud resources and networks in Google Cloud, helping you limit access to your sensitive data. https://cloud.google.com/blog/products/identity-security/announcing-vpc-service-controls-with-private-ips-to-extend-data-exfiltration-protection #gcp

🔴 Zero Trust and BeyondCorp Google Cloud Some sketchnotes on Zero Trust and BeyondCorp Google Cloud. https://cloud.google.com/blog/topics/developers-practitioners/zero-trust-and-beyondcorp-google-cloud #gcp

👩‍💻 Azure Run Command Forensics A forensic analysis of Azure Run Command activities, focusing on how to detect and investigate potential misuse. https://www.cadosecurity.com/blog/azure-run-command-forensics #azure

🔴 ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions Organizations that have used GCP's Cloud Functions could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed ConfusedFunction. https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions (Use VPN to open from Russia) #gcp

🔶 Using S3 as a container registry You can use S3 as a container registry. All it takes is to expose an S3 bucket through HTTP and to upload the image's files to specific paths. https://ochagavia.nl/blog/using-s3-as-a-container-registry/ #aws

🔶 A hard look at GuardDuty shortcomings Is GuardDuty all you need for AWS threat detection? This post offers some results of adversarial simulation, a review of detection latency, and an analysis of projected S3 ransomware timing. https://tracebit.com/blog/a-hard-look-at-guardduty-shortcomings #aws