2068
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
🔶 Secure file sharing solutions in AWS: A security and cost analysis guide
Securely share sensitive data with time-limited, nonce-enhanced presigned URLs that prevent replay attacks, minimizing exposure risks through granular access controls and rigorous monitoring.
https://aws.amazon.com/ru/blogs/security/how-to-securely-transfer-files-with-presigned-urls/
(Use VPN to open from Russia)
#aws
👩💻 Breaking Down Azure DevOps: Techniques for Extracting Pipeline Credentials
This article explores techniques for extracting credentials from Azure DevOps pipelines, including workload identity federation tokens and service connection secrets, while discussing potential impacts on Terraform Cloud and GitHub resources.
https://labs.reversec.com/posts/2025/07/breaking-down-azure-devops-techniques-for-extracting-pipeline-credentials
#azure
🔶 Aren't AWS Cloud Investigations the same as On-Prem? - Part 1 (AWS EC2)
Mini-series to discuss the similarities and differences of AWS Cloud vs. on-premises investigations, starting with the AWS EC2 service.
https://chesterlebron.blogspot.com/2025/07/arent-aws-cloud-investigations-same-as-on-prem-part-1.html
#aws
🔶🔷🔴 Cloud Threat Horizons Report
The Google Cloud Threat Horizons Report provides decision-makers with strategic intelligence on threats to not just Google Cloud, but all cloud service providers.
https://services.google.com/fh/files/misc/cloud_threat_horizons_report_h22025.pdf
(Use VPN to open from Russia)
#aws #azure #gcp
🔴 How to enable Secure Boot for your AI workloads
Secure Boot can help protect AI from the moment GPU-accelerated workloads power up. Here's how to use it on Google Cloud.
https://cloud.google.com/blog/products/identity-security/how-to-enable-secure-boot-for-your-ai-workloads/
#gcp
👩💻 Introducing Microsoft Sentinel data lake
Sentinel data lake, rolling out in Public Preview, giving security teams a powerful, cost-effective way to unify, retain, and analyze all security data.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/introducing-microsoft-sentinel-data-lake/4434280
#azure
🔴 Searching for Secrets in Public GCP Images
Truffle Security scanned 8,400+ public GCP images and did not find a single exposed secret.
https://trufflesecurity.com/blog/guest-post-gcp-cloudquarry-searching-for-secrets-in-public-gcp-images
(Use VPN to open from Russia)
#gcp
👩💻 I SPy: Escalating to Entra ID's Global Admin with a first-party app
Backdooring Microsoft's applications is far from over. A vulnerable, built-in SP that could have allowed escalation from Application Administrator to any hybrid tenant user, including Global Admin, was discovered.
https://securitylabs.datadoghq.com/articles/i-spy-escalating-to-entra-id-global-admin/
#azure
🔶 Enforcing Least Privilege in AWS IAM with Access Analyzer and Last Access Data
A practical guide on enforcing least privilege in AWS IAM by using IAM Access Analyzer and service Last Accessed data. Includes real workflows, auditing strategies, and automation tips.
https://thehiddenport.dev/posts/aws-enforcing-least-privilege/
#aws
🔶 iam-shrink
Make AWS IAM policies smaller by adding wildcards to actions.
https://github.com/cloud-copilot/iam-shrink
(Use VPN to open from Russia)
#aws
🔶 Threat Technique Catalog for AWS
The Threat Technique Catalog for AWS describes techniques used by threat actors to take advantage of security misconfigurations or compromised credentials on the customer side ("Security in the Cloud") of the shared responsibility model.
https://aws-samples.github.io/threat-technique-catalog-for-aws/
#aws
👩💻 eBPF-based networking & security integration with Microsoft Sentinel
This post explores the setup and configuration of Cilium and Tetragon in Azure Kubernetes Service and integrating & monitoring with Microsoft Sentinel.
https://akingscote.co.uk/posts/aks-cilium-tetragon-ebpf/
(Use VPN to open from Russia)
#azure
👩💻 Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks
Several Azure built-in roles are misconfigured to be over-privileged - they grant more permissions than intended by Azure.
https://www.token.security/blog/azures-role-roulette-how-over-privileged-roles-and-api-vulnerabilities-expose-enterprise-networks
(Use VPN to open from Russia)
#azure
👩💻 Azure Machine Learning Escalation: When Pipelines Go Off the Rails
Orca uncovers a privilege escalation risk in Azure Machine Learning pipelines that could allow attackers to run code and access sensitive data.
https://orca.security/resources/blog/azure-machine-learning-privilege-escalation/
#azure
🔶🔴 gcp-oidc-aws
A Terraform module that creates a GCP Workload Identity Federation to allow AWS workloads to authenticate to GCP via a GCP Service Account, without storing service account keys.
https://github.com/marco-lancini/utils/tree/main/terraform/gcp-oidc-aws
#aws #gcp
🔴 Introducing Google Cloud Setup
Google Cloud Setup helps you quickly implement a robust cloud foundation based on recommended best practices, to get up and running quickly.
https://cloud.google.com/blog/products/devops-sre/introducing-google-cloud-setup/
(Use VPN to open from Russia)
#gcp
🔶 AWS AgentCore: The Overlooked Privilege Escalation Path in Bedrock's AI Tooling
Deep-dive into a privilege escalation path in AWS's new Bedrock AgentCore tooling, specifically the Code Interpreters used by AI agents.
https://sonraisecurity.com/blog/aws-agentcore-privilege-escalation-bedrock-scp-fix/
(Use VPN to open from Russia)
#aws
🔶 An Arrow to the Heel: Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory
Discover critical AWS Managed Active Directory security vulnerabilities enabling RBCD attacks via ms-ds-MachineAccountQuota. Learn mitigation strategies and detection methods for AWS Directory Service environments.
https://permiso.io/blog/abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-active-directory
(Use VPN to open from Russia)
#aws
🔶 Building an AWS GuardDuty Alert Triage Age
This article explores building an AI agent for AWS GuardDuty alert triage using PydanticAI, demonstrating how LLMs can assist in security automation while maintaining human oversight for alert assessment.
https://dev.to/aws-builders/building-an-aws-guardduty-alert-triage-agent-51e9
#aws
🔶 Implement monitoring for Amazon EKS with managed services
This solution demonstrates building an EKS platform that combines flexible compute options with enterprise-grade observability using AWS native services and OpenTelemetry.
https://aws.amazon.com/ru/blogs/architecture/implement-monitoring-for-amazon-eks-with-managed-services/
(Use VPN to open from Russia)
#aws
🔴 Zigazoo too, Another Firebase Boogaloo
Zigazoo, a social network for kids, has been found to have significant security vulnerabilities, including unauthorized access to user records, content, and account escalation, all related to Firebase.
https://amenbreakpoint.com/posts/zigazoo/
#gcp
🔶 Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory
Post discussing several critical AWS Managed Active Directory security vulnerabilities enabling RBCD attacks via ms-ds-MachineAccountQuota.
https://permiso.io/blog/abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-active-directory
#aws
🔶 API Keys for Bedrock: A Brief Security Overview
This new authentication method for Amazon Bedrock introduces some helpful options, but also brings challenges.
adan.alvarez/api-keys-for-bedrock-a-brief-security-overview-2133ed9a2b3f" rel="nofollow">https://medium.com/@adan.alvarez/api-keys-for-bedrock-a-brief-security-overview-2133ed9a2b3f
(Use VPN to open from Russia)
#aws
🔶 Making file encryption fast and secure for teams with advanced key management
Dropbox has developed an advanced key management solution to enhance team-based file encryption, addressing the needs of customers with sensitive data, such as those in finance or healthcare.
https://dropbox.tech/security/file-encryption-teams-advanced-key-management
#aws
🔶 sample-visualizing-access-rights-for-identity-on-aws
This is a sample solution that demonstrates how to use AWS IAM Identity Center with Neptune to visualize and map relationships between identities and resources.
https://github.com/aws-samples/sample-visualizing-access-rights-for-identity-on-aws
#aws
👩💻 Microsoft expands Zero Trust workshop to cover network, SecOps, and more
Microsoft announced the expansion of the Zero Trust workshop to cover the additional technical pillars of Zero Trust, assisting customers on strategies that may contribute to securing their network, infrastructure, and connecting all these elements with security operations (SecOps).
https://www.microsoft.com/en-us/security/blog/2025/07/09/microsoft-expands-zero-trust-workshop-to-cover-network-secops-and-more/
#azure
👩💻 Extracting Sensitive Information from Azure Load Testing
The blog discusses techniques for extracting sensitive information from the Azure Load Testing service, which supports Managed Identities for accessing Key Vault entries.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/extracting-sensitive-information-azure-load-testing/
(Use VPN to open from Russia)
#azure
👩💻 When Backups Open Backdoors: Accessing Sensitive Cloud Data via «Synology Active Backup for Microsoft 365»
A leaked credential allowed anyone unauthorized access to all Microsoft tenants of organizations that use Synology's «Active Backup for Microsoft 365» (ABM).
https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/
(Use VPN to open from Russia)
#azure
👩💻 Requesting Entra ID Tokens with Entra ID SSO Cookies
How to use a browser SSO cookie to request Entra ID OAuth tokens and enumerate a target tenant. This technique is useful when a device is not joined to an Entra ID tenant.
https://specterops.io/blog/2025/06/27/requesting-entra-id-tokens-with-entra-id-sso-cookies/
#azure
🔶 The Future of Threat Emulation: Building AI Agents that Hunt Like Cloud Adversaries
Exploring the breakthrough potential and emerging risks of AI agents that can autonomously discover and exploit complex AWS attack chains.
https://www.offensai.com/blog/the-future-of-threat-emulation-building-ai-agents-that-hunt-like-cloud-adversaries
#aws