2212
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
⚙️ Kube-Policies BinauthZ: Closing the Supply Chain Gap in Kubernetes
Block's BinauthZ plugin extends their OPA-based admission controller to cryptographically verify container image signatures and attestations at Kubernetes admission time, enforcing SLSA using Sigstore/cosign with AWS KMS.
https://engineering.block.xyz/blog/kube-policies-binauthz-closing-the-supply-chain-gap-in-kubernetes
#kubernetes
⚙ Running Renovate as a GitHub Action (and NO PAT!)
A post explaining how you can run Renovate as a GitHub Action without needing a GitHub Personal Access Token by using Octo STS.
https://www.chainguard.dev/unchained/running-renovate-as-a-github-action
#cicd
👩💻 Linking Privileged Accounts to Identities in Microsoft Defender: Benefits & Use Cases
Microsoft Defender for Identity now allows linking multiple accounts to a single identity, by correlating accounts from different identity providers or linking distinct user accounts, crucial for incident response and remediation.
https://www.cloud-architekt.net/linking-privileged-accounts-in-defender/
#azure
⚙️ Kubernetes v1.35: A Better Way to Pass Service Account Tokens to CSI Drivers
Kubernetes 1.35 introduces beta support for CSI drivers to receive service account tokens via the "secrets" field instead of "volume_context", preventing accidental token logging.
https://kubernetes.io/blog/2026/01/07/kubernetes-v1-35-csi-sa-tokens-secrets-field-beta/
#kubernetes
⚙ A Brief Deep-Dive into Attacking and Defending Kubernetes
This article covers Kubernetes attack and defense techniques. Explores Kubernetes components (API Server, ETCD, kubelet), attack vectors including unauthenticated API access, RBAC misconfigurations, ServiceAccount token abuse, malicious admission controllers, CoreDNS poisoning, writable volume mounts, ETCD compromise, and certificate authority exploitation.
https://heilancoos.github.io/research/2025/12/16/kubernetes.html
#kubernetes
🔶 pathfinding cloud
An AWS IAM Privilege Escalation Path Library. You can also refer to the companion blog post.
https://github.com/DataDog/pathfinding.cloud
#aws
👩💻 Azure Seamless SSO: When Cookie Theft Doesn’t Cut It
The cookie crumbled when it expired, but the attack path didn't. Learn how BloodHound graph analysis and Azure Seamless SSO enabled pivoting into the cloud.
https://specterops.io/blog/2025/12/11/azure-seamless-sso-when-cookie-theft-doesnt-cut-it/
#azure
🔶 What is EC2 Instance Attestation
EC2 Instance Attestation extends attestable scope from Nitro Enclaves' container environment to entire EC2 instances, enabling greater capabilities like GPU access. However, it requires proactive hardening versus Enclaves' secure-by-default design and more complex deployment through Attestable AMIs.
https://blog.richardfan.xyz/2025/12/18/what-is-ec2-instance-attestation.html
#aws
🔶 boto3-refresh-session
A simple Python package for refreshing AWS temporary credentials in boto3 automatically
https://github.com/michaelthomasletts/boto3-refresh-session
#aws
Что загадывает DevOps на Новый год?
⏺чтобы кластер обновлялся без ночных алертов
⏺сеть работала стабильно и предсказуемо
⏺апгрейд кластера не превращался в вечер с release notes
Разработчики Managed Kubernetes в облаке MWS Cloud Platform ⬜ знают все ваши тайные желания и готовы упростить вашу DevOps-рутину.
С Managed Kubernetes вы получаете:
⏺готовый кластер за несколько минут без сложной настройки
⏺управление жизненным циклом кластера и нод
⏺ автоматическое масштабирование под нагрузку
⏺ нативную работу с сетью и storage через CCM / CSI
⏺ централизованное управление доступами через IAM
🔶🔷🔴 tokenex
A Go library that securely exchanges identity tokens for temporary cloud credentials, with built-in support for AWS, GCP, Azure, OCI, Kubernetes, and OAuth2. You can also refer to the companion blog post.
https://github.com/riptideslabs/tokenex
#aws #azure #gcp
🔶 yams
A Go library, server, and CLI providing foundational capabilities to simulate access for AWS IAM policies.
https://github.com/nsiow/yams
#aws
🔶 AWS Builder Center
A portal collecting hands-on workshops crafted by AWS experts to gain practical experience and solve real business challenges.
https://builder.aws.com/build/workshops
(Use VPN to open from Russia)
#aws
🔶 All Paths Lead to Your Cloud: A Mapping of Initial Access Vectors to Your AWS Environment
Post which analyzes AWS initial access vectors through identity-driven misconfigurations, categorizing them into service exposure (Lambda, EC2, ECR, DataSync) and access by design (IAM/STS, IoT, Cognito) vulnerabilities that compromise cloud perimeter security.
https://www.paloaltonetworks.com/blog/cloud-security/aws-initial-access-cloud-perimeter-security/
(Use VPN to open from Russia)
#aws
👩💻 Investigating an adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users
Datadog identified an active adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users. The campaign uses lookalike domains, proxies legitimate authentication pages, injects JavaScript to steal credentials and session tokens, and can bypass non-phishing-resistant MFA.
https://securitylabs.datadoghq.com/articles/investigating-an-aitm-phishing-campaign-m365-okta/
#azure
⚙️ Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
An authorization bypass in Kubernetes RBAC allows for nodes/proxy GET permissions to execute commands in any Pod in the cluster.
https://grahamhelton.com/blog/nodes-proxy-rce
(Use VPN to open from Russia)
#kubernetes
👩💻 A new era of agents, a new era of posture
Microsoft Defender introduces AI Security Posture Management for multi-cloud environments, providing visibility and contextual risk assessment across AI agent architectures. It identifies agents connected to sensitive data, susceptible to indirect prompt injection attacks, and operating as coordinators, while offering attack path analysis and actionable hardening recommendations.
https://www.microsoft.com/en-us/security/blog/2026/01/21/new-era-of-agents-new-era-of-posture/
#azure
🔶 CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories, including the JavaScript SDK powering the AWS Console.
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
#aws
⚙ Kubernetes v1.35: Restricting executables invoked by kubeconfigs via exec plugin allowList added to kuberc
Kubernetes v1.35 introduces beta support for restricting credential plugin executables via kuberc configuration. Users can set "credentialPluginPolicy" to AllowAll, DenyAll, or Allowlist, with an optional "credentialPluginAllowlist" to specify permitted binaries, enhancing security against supply-chain attacks.
https://kubernetes.io/blog/2026/01/09/kubernetes-v1-35-kuberc-credential-plugin-allowlist/
#kubernetes
🔶 Unauthenticated Cluster Takeover in AWS ROSA
A critical vulnerability in AWS ROSA Classic allowed unauthenticated attackers to discover clusters via Certificate Transparency logs, extract cluster UUIDs and owner emails from unauthenticated endpoints, initiate unauthorized cluster transfers, and escalate to AWS account access through ROSA's IAM roles.
https://blog.ryanjarv.sh/2026/01/05/unauth-aws-rosa-cluster-takeover.html
(Use VPN to open from Russia)
#aws
🔶 BadPods Series: Everything Allowed on AWS EKS
How to exploit misconfigured Kubernetes pods on AWS EKS using BishopFox's BadPods "everything-allowed" manifest. Shows container escape via chroot, lateral movement using nsenter, and cloud credential theft via IMDS.
https://cybersecnerds.com/badpods-series-everything-allowed-on-aws-eks/
#aws
👩💻 nOAuth Abuse Update: Potential Pivot into Microsoft 365
Vulnerable SaaS apps could enable attackers to pivot back into Microsoft 365, endangering your entire Microsoft 365 estate.
https://www.semperis.com/blog/noauth-abuse-update-pivot-into-microsoft-365/
#azure
🔶🔷🔴 Dear, cloud family!
Wishing you a New Year filled with innovative solutions, seamless deployments, and sky‑high success! May your cloud infrastructure be always resilient and your downtime — zero. Happy New Year 2026!
We'll be taking a short break and returning in a few days to bring you new, professional content.
#HappyNewYear
👩💻 ATEAM
A Python reconnaissance tool designed to discover Azure services and attribute tenant ownership information based on their responses.
https://github.com/NetSPI/ATEAM
#azure
🔶 aws-extend-switch-roles
Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on.
https://github.com/tilfinltd/aws-extend-switch-roles
#aws
🔶 IAMhounddog
A tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS accounts.
https://github.com/VirtueSecurity/IAMhounddog
#aws
🔶 aws-finops-dashboard
A terminal-based AWS cost and resource dashboard which provides an overview of AWS spend by account, service-level breakdowns, budget tracking, and EC2 instance summaries.
https://github.com/ravikiranvm/aws-finops-dashboard
#aws
🔶 AWS Lambda Managed Instances: A Security Overview
An initial security overview of AWS Lambda Managed Instances, exploring the Bottlerocket-based architecture, the 'Elevator' components, and security insights for this new compute model.
https://www.offensai.com/blog/aws-lambda-managed-instances-security-overview
(Use VPN to open from Russia)
#aws
🔶 Exploiting AWS IAM Eventual Consistency for Persistence
AWS IAM eventual consistency creates a 4-second window where deleted AWS access keys can still work. Learn how attackers exploit this and how to mitigate it.
https://www.offensai.com/blog/aws-iam-eventual-consistency-persistence
(Use VPN to open from Russia)
#aws
🔴 VPC Flow Logs for Cross-Cloud Network
With VPC Flow Logs, now you can monitor critical network traffic moving between your on-prem infrastructure, cross-cloud resources, and Google Cloud.
https://cloud.google.com/blog/products/networking/vpc-flow-logs-for-cross-cloud-network/
#gcp