1510
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
🔶 DynamoDB now supports resource-based policies. But is that a good idea?
While it simplifies cross-account access to DynamoDB tables, eliminating the need to assume IAM roles. It still begs the question: Is cross-account data access even a good idea?
https://theburningmonk.com/2024/03/dynamodb-now-supports-resource-based-policies-but-is-that-a-good-idea/
#aws
👩💻 Microsoft Copilot for Security: General Availability details
Microsoft announced the general availability of Microsoft Copilot for Security (Copilot) on April 1st.
https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-general-availability-details/ba-p/4079970
#azure
👩💻 Azure Deployment Scripts: Assuming User-Assigned Managed Identities
Attackers may get access to a role that allows assigning a Managed Identity to a resource. Depending on the permissions of the Managed Identity, this can be used for privilege escalation.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-user-assigned-managed-identities-via-deployment-scripts/
#azure
🔶👩💻 CloudGrappler
CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure. You can also refer to the companion blog post.
https://github.com/Permiso-io-tools/CloudGrappler
#aws #azure
🔶 How we sped up AWS CloudFormation deployments with optimistic stabilization
Post discussing the new optimistic stabilization strategy to shorten stack deployment times and improve visibility into resource provisioning.
https://aws.amazon.com/ru/blogs/devops/how-we-sped-up-aws-cloudformation-deployments-with-optimistic-stabilization/
#aws
🔶 The Missing Guide to AWS API Gateway Access Logs
Learn the what, why, and how of API Gateway access logs.
https://www.alexdebrie.com/posts/api-gateway-access-logs/
#aws
Яндекс делает закрытую вечеринку от команды информационной безопасности Yet Another Security Night
27 марта в 18:00
Только офлайн в Москве и в Питере
Мы приглашаем к себе в гости в офис на Льва Толстого в Москве и атмосферную локацию на набережной в Питере, где:
▫️Эксперты Яндекса расскажут про:
- Яндекс in-house: один день из жизни инженера СИБ, Спартак Свасян
- Уязвимости бизнес-логики, которые могут стоить вам миллионы, Азиз Алимов
▫️Бизнес игра - погружение во внутренние процессы команды в комфортном режиме
▫️Много нетворкинга и знакомств с нашими экспертами
▫️Афтерпати с DJ-сетом, крафтовыми напитками и настольным футболом
Получите приглашение - регистрация открыта!
Реклама. ООО "Яндекс", ИНН 7736207543
#advertising
👩💻 The mystery of the EnrichedOffice365AuditLogs solved
With Global Secure Access enabled access to the Microsoft 365 services such as SharePoint/OneDrive will be recorded in the EnrichedOffice365AuditLogs.
https://www.invictus-ir.com/news/the-mystery-of-the-enrichedoffice365auditlogs-solved
#azure
🔴 From Lighthouse to Loran - Navigating GCP Security Auditing Tools
Set sail on a secure journey through Google Cloud Platform with built-in and open-source auditing tools.
https://alexmorgan.uk/blog/from-lighthouse-to-loran---navigating-gcp-security-auditing-tools/
#gcp
👩💻 Extracting Sensitive Information from the Azure Batch Service
Attackers with Reader access to Batch can: read sensitive data from job outputs and gain access to SAS tokens for Storage Account files attached to the jobs.
https://www.netspi.com/blog/technical/cloud-penetration-testing/extracting-sensitive-information-from-azure-batch-service/
#azure
🔶🔷🔴 Navigating the Cloud: Exploring Lateral Movement Techniques
Some lateral movement techniques observed in the wild within cloud environments.
https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/
#aws #azure #gcp
🔷 How to be IR prepared in Azure
This blog demystifies Azure's sometimes complicated logging methods, outlining which logs should be enabled and how to enable them.
https://www.cadosecurity.com/how-to-be-ir-prepared-in-azure/
#azure
🔷 Pivoting from Microsoft Cloud to On-Premise Machines
This article demonstrates one situation discovered during a recent cloud penetration test that allowed the team to pivot from a Microsoft cloud environment to on-premise machines via PSRemoting.
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
#azure
🔶 A few notes on AWS Nitro Enclaves: Images and attestation
The AWS Nitro Enclaves platform lacks thorough documentation and mature tooling. So the Trail of Bits team decided to do some deep research into it to fill in some of the documentation gaps and, most importantly, to find security footguns and offer some advice for avoiding them.
https://blog.trailofbits.com/2024/02/16/a-few-notes-on-aws-nitro-enclaves-images-and-attestation/
#aws
🔶 (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup
The author reviews infrastructure decisions over four years at a startup, covering successful choices and regrets, emphasizing AWS, EKS, managed services, automation, and the value of early adoption and GitOps.
https://cep.dev/posts/every-infrastructure-decision-i-endorse-or-regret-after-4-years-running-infrastructure-at-a-startup/
#aws
🔴 Introducing stronger default Org Policies for our customers
Google Cloud is releasing an updated and stronger set of security defaults that can be implemented with Organizational Policies.
https://cloud.google.com/blog/products/identity-security/introducing-stronger-default-org-policies-for-our-customers/
#gcp
🔴 How to set compliance controls for your Google Cloud Organization
Assured Workloads can help you ensure comprehensive data protection and regulatory compliance with folders that support your compliance requirements.
https://cloud.google.com/blog/products/identity-security/how-to-set-compliance-controls-for-your-google-cloud-organization/
#gcp
🔶 Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaign
How the tracking of AWS Simple Notification Service (SNS) enumeration activity across multiple customer environments led to the takedown of a phishing site that was impersonating the French government.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-aws-activity-to-phishing/
#aws
🔴 Use customer-managed encryption keys
How to use a Cloud Key Management Service (Cloud KMS) encryption key with Dataflow.
https://cloud.google.com/dataflow/docs/guides/customer-managed-encryption-keys
#gcp
🔴 Introducing Security Command Center Enterprise
Security Command Center Enterprise is the first multicloud risk management solution that fuses AI-powered SecOps with cloud security.
https://cloud.google.com/blog/products/identity-security/introducing-security-command-center-enterprise
#gcp
🔶 Introducing the AWS WAF traffic overview dashboard
Post introducing the new dashboards and delve into a few use cases to help you gain better visibility into the overall security of your applications using AWS WAF and make informed decisions based on insights from the dashboards.
https://aws.amazon.com/ru/blogs/security/introducing-the-aws-waf-traffic-overview-dashboard/
#aws
🔶 The AWS S3 Denial of Wallet amplification attack
If you publicly host large data files on AWS S3 and pay for AWS transfer costs, you may be vulnerable to a «Denial of Wallet» amplification attack.
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
(Use VPN to open from Russia)
#aws
👩💻 Meet Silver SAML: Golden SAML in the Cloud
Semperis researchers have discovered Silver SAML: a new application of Golden SAML that can be exploited in Entra ID and without AD FS.
https://www.semperis.com/blog/meet-silver-saml/
#azure
🎉🥳 Dear women of our community! We would like to congratulate you on International Women's Day!
We wish you to remain a source of inspiration so that we, men, make clouds even safer)
🔶 Whoever has time this holiday - we recommend reading the post «Enhance container software supply chain visibility through SBOM export with Amazon Inspector and QuickSight».
How to can export software bills of materials (SBOMs) for your containers by using an AWS native service, Amazon Inspector, and visualize the SBOMs through Amazon QuickSight.
https://aws.amazon.com/ru/blogs/security/enhance-container-software-supply-chain-visibility-through-sbom-export-with-amazon-inspector-and-quicksight/
#aws
🔶 The state of ABAC on AWS (in 2024)
Scott Piper checked in on «The state of ABAC on AWS» back in 2020. Things are only a little better.
https://ramimac.me/abac
#aws
🔶 Security Centralization for AWS Multi-account using Native Services
Post going through native tools that we can utilize to centralize compliance, logging, monitoring, and user & access management through multi-accounts in an organization.
https://www.infracloud.io/blogs/security-centralization-aws-multi-account-using-native-services/
#aws
🔷 How I bypassed the control plane in Azure OpenAI
The Trust on Cloud team discovered a way to allow the management of Azure OpenAI deployments via the Data Plane, resulting in the loss of major security controls.
https://trustoncloud.com/how-i-bypassed-the-control-plane-in-azure-openai/
#azure
🔶 Detecting Manual AWS Actions: An Update!
An updated version of how to detect manual AWS actions from employees.
https://arkadiyt.com/2024/02/18/detecting-manual-aws-actions-an-update/
#aws
🔶 How to be IR Prepared in AWS
This blog aims to demystify AWS' sometimes complicated logging methods to help organizations prepare for when a security incident occurs, outlining which logs should be enabled for the purpose of incident investigations.
https://www.cadosecurity.com/how-to-be-ir-prepared-in-aws/
#aws
🔶 Fargate Is Not Firecracker
A common misconception that AWS never corrected anyone about.
https://justingarrison.com/blog/2024-02-08-fargate-is-not-firecracker/
#aws