Azure API Management exposes managed identity certificates with private keys in plaintext through an undocumented configuration API used by self-hosted gateways. Attackers with gateway keys can extract these certificates for persistent backdoor access.
https://dazesecurity.io/blog/apimMIVuln
(Use VPN to open from Russia)
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 Amazon CloudFront mTLS with open-source serverless CA
A step-by-step guide on implementing mTLS for Amazon CloudFront using our open-source cloud CA.
https://medium.com/@paulschwarzenberger/amazon-cloudfront-mtls-with-open-source-serverless-ca-f49ce2bc9874
(Use VPN to open from Russia)
#aws
A step-by-step guide on implementing mTLS for Amazon CloudFront using our open-source cloud CA.
https://medium.com/@paulschwarzenberger/amazon-cloudfront-mtls-with-open-source-serverless-ca-f49ce2bc9874
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Introducing AWS Lambda Managed Instances: Serverless simplicity with EC2 flexibility
Run Lambda functions on EC2 compute while maintaining serverless simplicity—enabling access to specialized hardware and cost optimizations through EC2 pricing models, with AWS handling all infrastructure management.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-lambda-managed-instances-serverless-simplicity-with-ec2-flexibility/
(Use VPN to open from Russia)
#aws
Run Lambda functions on EC2 compute while maintaining serverless simplicity—enabling access to specialized hardware and cost optimizations through EC2 pricing models, with AWS handling all infrastructure management.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-lambda-managed-instances-serverless-simplicity-with-ec2-flexibility/
(Use VPN to open from Russia)
#aws
🔥2❤1👍1
🔶 Amazon CloudWatch introduces unified data management and analytics for operations, security, and compliance
CloudWatch can automatically normalize and process data to offer consistency across sources with built-in support for Open Cybersecurity Schema Framework (OCSF) and Open Telemetry (OTel) formats, so you can focus on analytics and insights.
https://aws.amazon.com/ru/blogs/aws/amazon-cloudwatch-introduces-unified-data-management-and-analytics-for-operations-security-and-compliance/
(Use VPN to open from Russia)
#aws
CloudWatch can automatically normalize and process data to offer consistency across sources with built-in support for Open Cybersecurity Schema Framework (OCSF) and Open Telemetry (OTel) formats, so you can focus on analytics and insights.
https://aws.amazon.com/ru/blogs/aws/amazon-cloudwatch-introduces-unified-data-management-and-analytics-for-operations-security-and-compliance/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔴 VPC Flow Logs for Cross-Cloud Network
With VPC Flow Logs, now you can monitor critical network traffic moving between your on-prem infrastructure, cross-cloud resources, and Google Cloud.
https://cloud.google.com/blog/products/networking/vpc-flow-logs-for-cross-cloud-network/
#gcp
With VPC Flow Logs, now you can monitor critical network traffic moving between your on-prem infrastructure, cross-cloud resources, and Google Cloud.
https://cloud.google.com/blog/products/networking/vpc-flow-logs-for-cross-cloud-network/
#gcp
❤1👍1🔥1
Datadog identified an active adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users. The campaign uses lookalike domains, proxies legitimate authentication pages, injects JavaScript to steal credentials and session tokens, and can bypass non-phishing-resistant MFA.
https://securitylabs.datadoghq.com/articles/investigating-an-aitm-phishing-campaign-m365-okta/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 Exploiting AWS IAM Eventual Consistency for Persistence
AWS IAM eventual consistency creates a 4-second window where deleted AWS access keys can still work. Learn how attackers exploit this and how to mitigate it.
https://www.offensai.com/blog/aws-iam-eventual-consistency-persistence
(Use VPN to open from Russia)
#aws
AWS IAM eventual consistency creates a 4-second window where deleted AWS access keys can still work. Learn how attackers exploit this and how to mitigate it.
https://www.offensai.com/blog/aws-iam-eventual-consistency-persistence
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 All Paths Lead to Your Cloud: A Mapping of Initial Access Vectors to Your AWS Environment
Post which analyzes AWS initial access vectors through identity-driven misconfigurations, categorizing them into service exposure (Lambda, EC2, ECR, DataSync) and access by design (IAM/STS, IoT, Cognito) vulnerabilities that compromise cloud perimeter security.
https://www.paloaltonetworks.com/blog/cloud-security/aws-initial-access-cloud-perimeter-security/
(Use VPN to open from Russia)
#aws
Post which analyzes AWS initial access vectors through identity-driven misconfigurations, categorizing them into service exposure (Lambda, EC2, ECR, DataSync) and access by design (IAM/STS, IoT, Cognito) vulnerabilities that compromise cloud perimeter security.
https://www.paloaltonetworks.com/blog/cloud-security/aws-initial-access-cloud-perimeter-security/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 AWS Lambda Managed Instances: A Security Overview
An initial security overview of AWS Lambda Managed Instances, exploring the Bottlerocket-based architecture, the 'Elevator' components, and security insights for this new compute model.
https://www.offensai.com/blog/aws-lambda-managed-instances-security-overview
(Use VPN to open from Russia)
#aws
An initial security overview of AWS Lambda Managed Instances, exploring the Bottlerocket-based architecture, the 'Elevator' components, and security insights for this new compute model.
https://www.offensai.com/blog/aws-lambda-managed-instances-security-overview
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 AWS Builder Center
A portal collecting hands-on workshops crafted by AWS experts to gain practical experience and solve real business challenges.
https://builder.aws.com/build/workshops
(Use VPN to open from Russia)
#aws
A portal collecting hands-on workshops crafted by AWS experts to gain practical experience and solve real business challenges.
https://builder.aws.com/build/workshops
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 aws-finops-dashboard
A terminal-based AWS cost and resource dashboard which provides an overview of AWS spend by account, service-level breakdowns, budget tracking, and EC2 instance summaries.
https://github.com/ravikiranvm/aws-finops-dashboard
#aws
A terminal-based AWS cost and resource dashboard which provides an overview of AWS spend by account, service-level breakdowns, budget tracking, and EC2 instance summaries.
https://github.com/ravikiranvm/aws-finops-dashboard
#aws
❤1👍1🔥1
🔶 yams
A Go library, server, and CLI providing foundational capabilities to simulate access for AWS IAM policies.
https://github.com/nsiow/yams
#aws
A Go library, server, and CLI providing foundational capabilities to simulate access for AWS IAM policies.
https://github.com/nsiow/yams
#aws
❤1👍1🔥1
🔶 IAMhounddog
A tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS accounts.
https://github.com/VirtueSecurity/IAMhounddog
#aws
A tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS accounts.
https://github.com/VirtueSecurity/IAMhounddog
#aws
❤2👍1🔥1
🔶🔷🔴 tokenex
A Go library that securely exchanges identity tokens for temporary cloud credentials, with built-in support for AWS, GCP, Azure, OCI, Kubernetes, and OAuth2. You can also refer to the companion blog post.
https://github.com/riptideslabs/tokenex
#aws #azure #gcp
A Go library that securely exchanges identity tokens for temporary cloud credentials, with built-in support for AWS, GCP, Azure, OCI, Kubernetes, and OAuth2. You can also refer to the companion blog post.
https://github.com/riptideslabs/tokenex
#aws #azure #gcp
🔥2❤1👍1
🔶 aws-extend-switch-roles
Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on.
https://github.com/tilfinltd/aws-extend-switch-roles
#aws
Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on.
https://github.com/tilfinltd/aws-extend-switch-roles
#aws
❤1👍1🔥1
A Python reconnaissance tool designed to discover Azure services and attribute tenant ownership information based on their responses.
https://github.com/NetSPI/ATEAM
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 boto3-refresh-session
A simple Python package for refreshing AWS temporary credentials in boto3 automatically
https://github.com/michaelthomasletts/boto3-refresh-session
#aws
A simple Python package for refreshing AWS temporary credentials in boto3 automatically
https://github.com/michaelthomasletts/boto3-refresh-session
#aws
❤1👍1🔥1
🔶🔷🔴 Dear, cloud family!
Wishing you a New Year filled with innovative solutions, seamless deployments, and sky‑high success! May your cloud infrastructure be always resilient and your downtime — zero. Happy New Year 2026!
We'll be taking a short break and returning in a few days to bring you new, professional content.
#HappyNewYear
Wishing you a New Year filled with innovative solutions, seamless deployments, and sky‑high success! May your cloud infrastructure be always resilient and your downtime — zero. Happy New Year 2026!
We'll be taking a short break and returning in a few days to bring you new, professional content.
#HappyNewYear
❤2👍1🔥1
🔶 What is EC2 Instance Attestation
EC2 Instance Attestation extends attestable scope from Nitro Enclaves' container environment to entire EC2 instances, enabling greater capabilities like GPU access. However, it requires proactive hardening versus Enclaves' secure-by-default design and more complex deployment through Attestable AMIs.
https://blog.richardfan.xyz/2025/12/18/what-is-ec2-instance-attestation.html
#aws
EC2 Instance Attestation extends attestable scope from Nitro Enclaves' container environment to entire EC2 instances, enabling greater capabilities like GPU access. However, it requires proactive hardening versus Enclaves' secure-by-default design and more complex deployment through Attestable AMIs.
https://blog.richardfan.xyz/2025/12/18/what-is-ec2-instance-attestation.html
#aws
🔥2❤1👍1