CloudSec Wine

All about cloud security. Contacts: @AMark0f @dvyakimov. About DevSecOps: @sec_devops

2 228 subscribers
Post archive
🔸Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials How to detect if an attacker is abusing temporary credentials in your AWS accounts using Splunk. https://www.splunk.com/en_us/blog/security/using-splunk-to-detect-abuse-of-aws-permanent-and-temporary-credentials.html #aws

🔸Abusing AWS Connection Tracking How to abuse Connection Tracking in AWS to persist connections on a host, even when a more restrictive security group is put in place as a result of incident response. https://frichetten.com/blog/abusing-aws-connection-tracking/ #aws

🔸How to Create Unlimited Rotating IP Addresses with AWS Devin Stokes describes how to use proxycannon-ng to distribute your traffic over an endless supply of cloud-based IP addresses. https://medium.com/@devinjaystokes/using-proxycannon-ng-to-create-unlimited-rotating-proxies-fccffa70a728 #aws

⚪️Compromise any GCP Org Via Cloud API Lateral Movement and Privilege Escalation Great BlackHat USA / DEF CON Safe Mode talk by Allison Donovan and Dylan Ayrey and tool release, gcploit, a “BFS search tool meant for defensive threat models, a mock org simulator, as well as stack driver queries that profile the gcploit tool.” https://www.youtube.com/watch?v=Ml09R38jpok #gcp

🔸SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns BlackHat Arsenal presentation by Bishop Fox’s Rob Ragan and Oscar Salazar on a new tool: Smogcloud, that can be used to find exposed AWS cloud assets that you may not have known you had. - For example: Internet-facing FQDNs and IPs across one or hundreds of AWS accounts, assets that are no longer in use, services not currently monitored, shadow IT, etc. - Currently supports about 13 different AWS services. https://github.com/BishopFox/smogcloud #aws

🔸cr0hn/festin A tool by Daniel García for discovering open S3 Buckets starting from domains. Collects info via DNS, web pages (crawler), and S3 buckets themselves (like S3 redirections). “Watch mode” can listen for new domains in real time, and supports downloading bucket objects and putting them in Redis Search to enable full-text search of discovered contents. https://github.com/cr0hn/festin #aws

🔸Analyzing IAM Policies at Scale with Parliament The most efficient and repeatable method for finding misconfigurations in IAM policies and roles is to automate the detection process using existing libraries. This blog explores how the Parliament library can be run to detect if a policy is malformed, identify unknown permissions that do not exist within the platform, and call out resource mismatches when resources and permissions do not apply to each other. https://blog.scalesec.com/analyzing-iam-policies-at-scale-with-parliament-69ae50d335e #aws

🔸Best Practices for Securing Amazon EMR This post walks you through some of the principles of Amazon EMR (a managed Hadoop framework) security, including encryption, authentication, and network access. https://aws.amazon.com/blogs/big-data/best-practices-for-securing-amazon-emr/ #aws

⚪️ Introducing CAS: Securing applications with private CAs and certificates Google announced Certificate Authority Service (CAS), a highly scalable and available service that simplifies and automates the management and deployment of private CAs. https://cloud.google.com/blog/products/identity-security/introducing-cas-a-cloud-based-managed-ca-for-the-devops-and-iot-world #gcp

🔸Using Amazon GuardDuty to Protect Your S3 Buckets This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your data stored in S3. https://aws.amazon.com/ru/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/?sc_channel=sm&sc_campaign=AWSSecurity_Services&sc_publisher=TWITTER&sc_country=Security&sc_geo=GLOBAL&sc_outcome=adoption&trk=AWSSecurity_Services_TWITTER&linkId=95689196 #aws

🔹 Five Best Practices for Cloud Security Overview providing a snapshot of five best practices for cloud security: identity and access control, security posture management, apps and data security, threat protection, and network security. #azure

🔸Secure your AWS ECS Microservices with Consul Service Mesh Blog looking at a Consul service mesh pattern for applications in ECS. This example is running on EC2 instances under an ECS managed cluster, but could be easily modified to run Fargate workloads as well. https://medium.com/hashicorp-engineering/secure-your-aws-ecs-microservices-with-consul-service-mesh-23df69949754 #aws

⚪️ Preventing lateral movement in Google Compute Engine To implement a defense in depth approach for Compute Engine there are a few things you should do, like isolate your production resources from the internet, disable the use of default service accounts, limit access to service account credentials, use OS Login to manage access to VMs, apply the principle of least-privilege, and collect logs and monitor your system. https://cloud.google.com/blog/products/identity-security/preventing-lateral-movement-in-google-compute-engine #gcp

🔹Moving Windows Server to Microsoft Azure to Enable Compliance Free e-book discussing how to manage compliance, privacy, and security when migrating Windows Server workloads to Azure. https://azure.microsoft.com/en-us/resources/moving-windows-server-to-microsoft-azure-to-enable-compliance/ #azure

🔸AWS Exposable Resources Repo maintaining a list of all AWS resources that can be publicly exposed, and eventually, those that can be shared with untrusted accounts. https://github.com/SummitRoute/aws_exposable_resources #aws

🔸aws-recon Recon helps build a comprehensive inventory of the security-related metadata in an AWS account. The output is standard JSON, so it can be used in automation pipelines or feed into other tools for further analysis. https://github.com/darkbitio/aws-recon #aws

🔸How to use resource-based policies in the AWS Secrets Manager console to securely access secrets across AWS accounts AWS Secrets Manager now allows you to create and manage resource-based policies using the Secrets Manager console. At the same time, Secrets Manager is now able to identify and prevent creation of resource policies that grant overly broad access to secrets across AWS accounts. https://aws.amazon.com/ru/blogs/security/how-to-use-resource-based-policies-aws-secrets-manager-console-to-securely-access-secrets-aws-accounts/ #aws

🔸How CloudWatch Alarms Work by Andrew Brown https://twitter.com/andrewbrown/status/1284672904878346240 #aws

🔹Azure security best practices and patterns Security best practices to use when designing, deploying, and managing cloud solutions by using Azure. https://docs.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns #azure

🔸Amazon Fraud Detector is now Generally Available “A fully managed service that makes it easy to identify potentially fraudulent online activities such as online payment fraud and the creation of fake accounts.” https://aws.amazon.com/ru/blogs/aws/amazon-fraud-detector-is-now-generally-available/ #aws