🔶 How to get rid of AWS access keys - Part 3: Replacing the authentication

Post discussing alternative solutions to using access keys.

https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-3

#aws

🔶 Refuting AWS Chain Attack - Digging Deeper into EKS Zero Day claims

An analysis of the findings published by a security researcher last month, claiming to have uncovered zero days in thousands of EKS cluster.

https://kloudle.com/blog/refuting-aws-chain-attack-digging-deeper-into-eks-zero-days-claim/

#aws

🔶 No keys attached: Exploring GitHub-to-AWS keyless authentication flaws

While popular, GitHub-to-AWS keyless authentication mechanisms can be insecurely configured.

https://securitylabs.datadoghq.com/articles/exploring-github-to-aws-keyless-authentication-flaws/

#aws

🔶 Swiping right on the AWS WAF CAPTCHA challenge

Post walking through a methodology for beating the AWS WAF CAPTCHA challenges programmatically.

https://onecloudplease.com/blog/swiping-right-on-the-aws-waf-captcha-challenge

#aws

🔶🔷🔴 Hijacking Cloud CI/CD Systems for Fun and Profit

This research details a new technique that can be used by threat actors for supply chain attacks on open-source repositories using GCP, Azure and AWS.

https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit

#aws #azure #gcp

🔶AWS Networking Concepts

A mind map to link together all the different networking-related concepts from AWS.

https://miparnisariblog.wordpress.com/2023/03/29/aws-networking-concepts/

#aws

🔶 Automated First-Response in AWS using Sigma and Athena

Can Sigma rules provide first-response capabilities in a post-compromised AWS environment?

https://invictus-ir.medium.com/automated-first-response-in-aws-using-sigma-and-athena-615940bedc56

(Use VPN to open from Russia)

#aws

🔷 Microsoft Entra Workload ID - Introduction and Delegated Permissions

Post providing an overview about some aspects and features which are important in delegating management of Workload ID in Microsoft Entra: Who can see and create apps? Why you should avoid assigning owners to service principals or application objects?

https://www.cloud-architekt.net/entra-workload-id-introduction-and-delegation

#azure

🔶 More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

This blog lays out a new potential post-exploitation technique: Abusing AWS Systems Manager (SSM) agent so that it functions as a Remote Access Trojan (RAT) on both Linux and Windows machines, while using an attacker AWS account as a Command and Control (C&C).

https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan

#aws

🔴 Signing URLs in GCP: Convenience vs. Security

Why the "iam.serviceAccounts.signBlob" permission can cause trouble in your GCP environment.

https://lsgeurope.com/post/signing-urls-in-gcp-convenience-vs-security

#gcp

🔶 Perform continuous vulnerability scanning of AWS Lambda functions with Amazon Inspector

Activate Amazon Inspector within one or more AWS accounts, and be notified when a vulnerability is detected in an AWS Lambda function.

https://aws.amazon.com/ru/blogs/security/perform-continuous-vulnerability-scanning-of-aws-lambda-functions-with-amazon-inspector/

#aws

🔶 Configure fine-grained access to your resources shared using AWS Resource Access Manager

You can use AWS Resource Access Manager (AWS RAM) to securely, simply, and consistently share supported resource types within your organization or organizational units (OUs) and across AWS accounts.

https://aws.amazon.com/ru/blogs/security/configure-fine-grained-access-to-your-resources-shared-using-aws-resource-access-manager/

#aws

🔷 Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform

A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets).

https://www.tenable.com/security/research/tra-2023-25

(Use VPN to open from Russia)

#azure

🔷 Knocking on the Front Door (client side desync attack on Azure CDN)

A write-up on a Browser-Powered Desync bug discovered in the Azure CDN service known as Front Door.

https://blog.jeti.pw/posts/knocking-on-the-front-door

#azure

🔶 Hacking Github AWS integrations again

Another post looking at the perils of unproperly scoping access provided by OIDC.

https://dagrz.com/writing/aws-security/hacking-github-aws-oidc

#aws

🔶 AWS Security Monitoring in 2023: Untangle the chaos

This post provides recommendations for implementing an effective security monitoring strategy in AWS.

https://marbot.io/blog/2023-08-04-aws-security-monitoring-in-2023.html

#aws

🔶 SSRF Tricks - Thread

Some tricks «rhynorater» picked up over the past 5 years of web app testing.

https://x.com/rhynorater/status/1689400476452679682?s=52&t=J3j_Bp59pI4rfliKITPeZQ

(Use VPN to open from Russia)

#aws

🔷 An Azure Tale of VPN, Conditional Access and MFA Bypass

A walkthrough review of the implementation of an on-prem VPN server that used Azure AD as the idP and enforced MFA via conditional access policies.

https://simondotsh.com/infosec/2023/08/15/azure-tale-vpn-ca-mfa-bypass.html

#azure

🔶 When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability

Threat actors used SugarCRM's zero-day CVE-2023-22952 and cloud account misconfigurations to access credentials.

https://unit42.paloaltonetworks.com/sugarcrm-cloud-incident-black-hat

#aws

🔶 Identifying & Reducing Permission Explosion in AWS

The slides of a BlackHat 2023 talk that discusses how to identify, fix, and prevent permission explosion in your AWS environment.

https://i.blackhat.com/BH-US-23/Presentations/US-23-Moolrajani-Reducing-AWS-Permission-Explosion.pdf

#aws