2199
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
Яндекс делает закрытую вечеринку от команды информационной безопасности Yet Another Security Night
27 марта в 18:00
Только офлайн в Москве и в Питере
Мы приглашаем к себе в гости в офис на Льва Толстого в Москве и атмосферную локацию на набережной в Питере, где:
▫️Эксперты Яндекса расскажут про:
- Яндекс in-house: один день из жизни инженера СИБ, Спартак Свасян
- Уязвимости бизнес-логики, которые могут стоить вам миллионы, Азиз Алимов
▫️Бизнес игра - погружение во внутренние процессы команды в комфортном режиме
▫️Много нетворкинга и знакомств с нашими экспертами
▫️Афтерпати с DJ-сетом, крафтовыми напитками и настольным футболом
Получите приглашение - регистрация открыта!
Реклама. ООО "Яндекс", ИНН 7736207543
#advertising
👩💻 The mystery of the EnrichedOffice365AuditLogs solved
With Global Secure Access enabled access to the Microsoft 365 services such as SharePoint/OneDrive will be recorded in the EnrichedOffice365AuditLogs.
https://www.invictus-ir.com/news/the-mystery-of-the-enrichedoffice365auditlogs-solved
#azure
🔴 From Lighthouse to Loran - Navigating GCP Security Auditing Tools
Set sail on a secure journey through Google Cloud Platform with built-in and open-source auditing tools.
https://alexmorgan.uk/blog/from-lighthouse-to-loran---navigating-gcp-security-auditing-tools/
#gcp
👩💻 Extracting Sensitive Information from the Azure Batch Service
Attackers with Reader access to Batch can: read sensitive data from job outputs and gain access to SAS tokens for Storage Account files attached to the jobs.
https://www.netspi.com/blog/technical/cloud-penetration-testing/extracting-sensitive-information-from-azure-batch-service/
#azure
🔶🔷🔴 Navigating the Cloud: Exploring Lateral Movement Techniques
Some lateral movement techniques observed in the wild within cloud environments.
https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/
#aws #azure #gcp
🔷 How to be IR prepared in Azure
This blog demystifies Azure's sometimes complicated logging methods, outlining which logs should be enabled and how to enable them.
https://www.cadosecurity.com/how-to-be-ir-prepared-in-azure/
#azure
🔷 Pivoting from Microsoft Cloud to On-Premise Machines
This article demonstrates one situation discovered during a recent cloud penetration test that allowed the team to pivot from a Microsoft cloud environment to on-premise machines via PSRemoting.
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
#azure
🔶 A few notes on AWS Nitro Enclaves: Images and attestation
The AWS Nitro Enclaves platform lacks thorough documentation and mature tooling. So the Trail of Bits team decided to do some deep research into it to fill in some of the documentation gaps and, most importantly, to find security footguns and offer some advice for avoiding them.
https://blog.trailofbits.com/2024/02/16/a-few-notes-on-aws-nitro-enclaves-images-and-attestation/
#aws
🔶 (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup
The author reviews infrastructure decisions over four years at a startup, covering successful choices and regrets, emphasizing AWS, EKS, managed services, automation, and the value of early adoption and GitOps.
https://cep.dev/posts/every-infrastructure-decision-i-endorse-or-regret-after-4-years-running-infrastructure-at-a-startup/
#aws
🔷 The Attackers Guide to Azure AD Conditional Access
Post showing why it is important to understand the Conditional Access policy evaluation process and how to find and exploit flaws in a policy design.
https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/
#azure
🔶 New EKS Access Management and Pod Identity features: a security analysis
The Wiz research team unpacks the security implications of the new EKS access and identity management features and recommends best practices when using them.
https://www.wiz.io/blog/eks-cluster-access-management-and-pod-identity-security-recommendations
#aws
🔷 Azure HDInsight Privilege Escalation and Denial of Service Vulnerabilities
The Orca Security Research Pod discovered three vulnerabilities in Azure HDInsight that could lead to privilege escalation and denial of service.
https://orca.security/resources/blog/azure-hd-insight-vulnerabilities-privilege-escalation/
#azure
🔴 Announcing general availability of Custom Org Policy to help tailor resource guardrails with confidence
Custom Organization Policies is now generally available. The powerful new extension to Org Policies can create granular resource policies to address cloud governance requirements.
https://cloud.google.com/blog/products/identity-security/announcing-custom-org-policy-to-help-tailor-resource-guardrails-with-confidence/
#gcp
🔷 Azure Arc as persistence technique: stealthier than one would think on Linux servers
Post analyzing how using Azure Arc as a persistence vector would work, and what kind of logs it would generate on the host.
https://safecontrols.blog/2023/10/25/azure-arc-as-persistence-technique-stealthier-than-one-would-think-on-linux-servers/
#azure
🔶 The curious case of DangerDev@protonmail.me
An AWS incident response story, including the techniques used by the threat actor.
https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me
#aws
🔶 The AWS S3 Denial of Wallet amplification attack
If you publicly host large data files on AWS S3 and pay for AWS transfer costs, you may be vulnerable to a «Denial of Wallet» amplification attack.
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
(Use VPN to open from Russia)
#aws
👩💻 Meet Silver SAML: Golden SAML in the Cloud
Semperis researchers have discovered Silver SAML: a new application of Golden SAML that can be exploited in Entra ID and without AD FS.
https://www.semperis.com/blog/meet-silver-saml/
#azure
🎉🥳 Dear women of our community! We would like to congratulate you on International Women's Day!
We wish you to remain a source of inspiration so that we, men, make clouds even safer)
🔶 Whoever has time this holiday - we recommend reading the post «Enhance container software supply chain visibility through SBOM export with Amazon Inspector and QuickSight».
How to can export software bills of materials (SBOMs) for your containers by using an AWS native service, Amazon Inspector, and visualize the SBOMs through Amazon QuickSight.
https://aws.amazon.com/ru/blogs/security/enhance-container-software-supply-chain-visibility-through-sbom-export-with-amazon-inspector-and-quicksight/
#aws
🔶 The state of ABAC on AWS (in 2024)
Scott Piper checked in on «The state of ABAC on AWS» back in 2020. Things are only a little better.
https://ramimac.me/abac
#aws
🔶 Security Centralization for AWS Multi-account using Native Services
Post going through native tools that we can utilize to centralize compliance, logging, monitoring, and user & access management through multi-accounts in an organization.
https://www.infracloud.io/blogs/security-centralization-aws-multi-account-using-native-services/
#aws
🔷 How I bypassed the control plane in Azure OpenAI
The Trust on Cloud team discovered a way to allow the management of Azure OpenAI deployments via the Data Plane, resulting in the loss of major security controls.
https://trustoncloud.com/how-i-bypassed-the-control-plane-in-azure-openai/
#azure
🔶 Detecting Manual AWS Actions: An Update!
An updated version of how to detect manual AWS actions from employees.
https://arkadiyt.com/2024/02/18/detecting-manual-aws-actions-an-update/
#aws
🔶 How to be IR Prepared in AWS
This blog aims to demystify AWS' sometimes complicated logging methods to help organizations prepare for when a security incident occurs, outlining which logs should be enabled for the purpose of incident investigations.
https://www.cadosecurity.com/how-to-be-ir-prepared-in-aws/
#aws
🔶 Fargate Is Not Firecracker
A common misconception that AWS never corrected anyone about.
https://justingarrison.com/blog/2024-02-08-fargate-is-not-firecracker/
#aws
🔶🔷🔴 The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker
Commando Cat is a novel cryptojacking campaign exploiting Docker for Initial Access. The campaign deploys a credential stealer payload, targeting Cloud Service Provider credentials (AWS, GCP, Azure).
https://www.cadosecurity.com/the-nine-lives-of-commando-cat-analysing-a-novel-malware-campaign-targeting-docker/
#aws #azure #gcp
🔶 Conditional Love for AWS Metadata Enumeration
How would you feel if an attacker could read your AWS resource tags? Turns out they can!
https://blog.plerion.com/conditional-love-for-aws-metadata-enumeration/
#aws
🔶 CIEM Part 3: Mastering privilege management for developers
How to determine the right point in time to harden a role which results in guidance on where to invest your time.
https://www.robertdemeyer.com/post/ciem-part-3-mastering-privilege-management-for-developers
#aws
🔶 CIEM Part 2: Measure risk probability in IAM
Post that tries to classify IAM Roles or IAM User candidates for an attack.
https://www.robertdemeyer.com/post/ciem-part-2-measure-risk-probability-in-iam
#aws
🔴 GKE/Gmail vulnerability: notes and tips
Security researchers have discovered a new Google Kubernetes Engine misconfiguration that could allow attackers with a basic Gmail account to take control of a Kubernetes (k8s) cluster.
https://expel.com/blog/gke-gmail-vulnerability-notes-and-tips/
#gcp
🔶 How Zurich Insurance Group built their Scalable Account Vending process using AWS Account Factory for Terraform
By adopting AWS Control Tower Account Factory for Terraform, Zurich were able to achieve the scalability, resilience and performance to support provisioning of a projected 3000+ accounts.
https://aws.amazon.com/ru/blogs/architecture/how-zurich-insurance-group-built-their-scalable-account-vending-process-using-aws-account-factory-for-terraform/
#aws