CloudSec Wine
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
🔴 Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration
This post covers how a malicious actor can conduct lateral movement in Google Cloud across compute engine instances using the default service account.
https://orca.security/resources/blog/lateral-movement-google-cloud-default-service-account
#gcp
🔷 AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability
#azure
🔶🔷🔴 CVE-2022-0847 (aka Dirty Pipe): What does it mean for defenders
A quick summary and actionable advice for defenders of cloud environments and those teams who are asked to determine the impact of CVE-2022-0847 on their company's infrastructure.
https://www.marcolancini.it/2022/blog-cve-2022-0847-dirty-pipe
#aws #azure #gcp
🔶 A comprehensive Threat Model for Amazon S3.
https://controlcatalog.trustoncloud.com/dashboard/aws/s3
#aws
🔶 AWS Security Reference Architecture
60-page PDF by AWS Professional Services containing a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. GitHub repo with example solutions.
https://github.com/aws-samples/aws-security-reference-architecture-examples
#aws
🔷 Stay on top of database threats with Microsoft Defender for Azure Cosmos DB
Microsoft announced a new addition to their database protection offering, Microsoft Defender for Azure Cosmos DB, in preview.
https://azure.microsoft.com/en-gb/blog/stay-on-top-of-database-threats-with-microsoft-defender-for-azure-cosmos-db
#azure
🔶 awslabs/aws-cloudsaga
Tool to test security controls and alerts within your AWS environment, using generated alerts based on security events seen by the AWS Customer Incident Response Team (CIRT).
https://github.com/awslabs/aws-cloudsaga
#aws
🔴 GCP launches deny policies
IAM deny policies let you set guardrails on access to Google Cloud resources. With deny policies, you can define deny rules that prevent certain principals from using certain permissions, regardless of the roles they're granted.
https://cloud.google.com/iam/docs/deny-overview
#gcp
🔶 Granted.dev
A CLI tool by Common Fate that simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously. It’s designed for AWS SSO and encrypts cached credentials to avoid plaintext SSO tokens being saved on disk.
https://granted.dev/
#aws
🔶 Let’s Architect! Architecting for Security
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws
🔷 Observability from cloud to edge in Azure
Some use cases for Azure Monitor.
https://azure.microsoft.com/en-gb/blog/observability-from-cloud-to-edge-in-azure/
#azure
🔶🔷🔴 Cloud 9: Top Cloud Penetration Testing Tools
Here are nine cloud pen testing tools used by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
🔶 Are AWS account IDs sensitive information?
One of the often-debated questions in AWS is whether AWS account IDs are sensitive information or not and the question has been oddly-difficult to answer definitively.
https://www.lastweekinaws.com/blog/are-aws-account-ids-sensitive-information/
#aws
🔷🔴 Google Cloud: configuring workload identity federation with Azure
How to configure workload identity federation with Azure (OIDC-compliant IdP) so workloads running on an Azure VM can impersonate a service account to perform operations on a Google Cloud resource.
https://medium.com/google-cloud/configuring-workload-identity-federation-with-azure-672a1e1f3eec
#azure #gcp
🔶 Top 2021 AWS Security service launches security professionals should review - Part 1
An overview of some of the most important 2021 AWS Security launches that security professionals should be aware of.
https://aws.amazon.com/ru/blogs/security/top-2021-aws-security-service-launches-part-1
#aws
🔶 AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
Free labs, documentation, and diagrams for setting up an environment that is using DevOps technologies and practices for deploying apps and cloud services/cloud infrastructure to AWS, by Mike Levan.
https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS
#aws
🔷 Secure Azure Cosmos DB access by using Azure Managed Identities
How to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.
https://itnext.io/secure-azure-cosmos-db-access-by-using-azure-managed-identities-55f9fdf48fda?gi=eec46e048be1
#azure
🔶 imdsv2_wall_of_shame
List of vendors that do not allow IMDSv2 enforcement.
https://github.com/SummitRoute/imdsv2_wall_of_shame
#aws
🔷 10 ways of gaining control over Azure function Apps
Some techniques for taking over Azure Function Apps.
https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6
#azure
🔶 Terraform AWS Provider 4.0 Refactors S3 Bucket Resource
Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource. The list of breaking changes for this release is quite long.
https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource
#aws
