πΆ My CI/CD pipeline is my release captain
How Amazon continuously release changes to production by practicing trunk-based development, by using CI/CD pipelines to manage deployment artifacts and coordinate releases across multiple production environments, and by practicing proactive and automatic rollbacks.
https://aws.amazon.com/ru/builders-library/cicd-pipeline
#aws
How Amazon continuously release changes to production by practicing trunk-based development, by using CI/CD pipelines to manage deployment artifacts and coordinate releases across multiple production environments, and by practicing proactive and automatic rollbacks.
https://aws.amazon.com/ru/builders-library/cicd-pipeline
#aws
π₯4
π΄ Securing Cloud Run Deployments with Least Privilege Access
How to protect your Cloud Run deployments by implementing least privilege access for Cloud Run services and service consumers.
https://cloud.google.com/blog/products/identity-security/securing-cloud-run-deployments-with-least-privilege-access
#gcp
How to protect your Cloud Run deployments by implementing least privilege access for Cloud Run services and service consumers.
https://cloud.google.com/blog/products/identity-security/securing-cloud-run-deployments-with-least-privilege-access
#gcp
π1
πΆ automated-ci-pipeline-creation
Creation of Continuous Integration pipelines dynamically using an AWS Step Function based approach to create standardised pipelines for an organisation.
https://github.com/aws-samples/automated-ci-pipeline-creation
#aws
Creation of Continuous Integration pipelines dynamically using an AWS Step Function based approach to create standardised pipelines for an organisation.
https://github.com/aws-samples/automated-ci-pipeline-creation
#aws
π₯2
π΄ How Attackers Can Exploit GCP's Multicloud Workload Solution
A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to avoid misconfigurations.
https://ermetic.com/blog/gcp/how-attackers-can-exploit-gcps-multicloud-workload-solution
#gcp
A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to avoid misconfigurations.
https://ermetic.com/blog/gcp/how-attackers-can-exploit-gcps-multicloud-workload-solution
#gcp
π₯3
πΆπ΄ Five Things You Need to Know About Malware on Storage Buckets
An overview of malware in cloud storage buckets and mitigation best practices.
https://orca.security/resources/blog/the-risks-of-malware-in-storage-buckets
#aws #gcp
An overview of malware in cloud storage buckets and mitigation best practices.
https://orca.security/resources/blog/the-risks-of-malware-in-storage-buckets
#aws #gcp
π₯1
πΆ AWS EC2 IMDS - What You Need to Know
A technical review of IMDSv2.
https://ermetic.com/blog/aws/aws-ec2-imds-what-you-need-to-know
#aws
A technical review of IMDSv2.
https://ermetic.com/blog/aws/aws-ec2-imds-what-you-need-to-know
#aws
π₯1
πΆ staticwebsite-cli
This CLI tool makes it easy to deploy a static website to AWS. It builds and hosts the website, sets up a CDN and DNS, and provisions an SSL certificate.
https://github.com/awslabs/staticwebsite-cli
#aws
This CLI tool makes it easy to deploy a static website to AWS. It builds and hosts the website, sets up a CDN and DNS, and provisions an SSL certificate.
https://github.com/awslabs/staticwebsite-cli
#aws
π₯2
π· Preview support for Kata VM Isolated Containers on AKS for Pod Sandboxing
Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod/ba-p/3751557
#azure
Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod/ba-p/3751557
#azure
π₯1
π΄ Google Cloud Platform Exfiltration: A Threat Hunting Guide
Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.
https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide
#gcp
Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.
https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide
#gcp
π1π₯1
π· Pivoting with Azure Automation Account Connections
How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-account-connections
#azure
How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-account-connections
#azure
π₯1
πΆ Understanding the Integration Between KMS and Secrets Manager on AWS
Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.
https://blog.lightspin.io/understanding-the-integration-between-kms-and-secrets-manager-on-aws
#aws
Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.
https://blog.lightspin.io/understanding-the-integration-between-kms-and-secrets-manager-on-aws
#aws
π₯1
πΆ A New Incentive for Using AWS VPC Endpoints
If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.
https://ermetic.com/blog/aws/a-new-incentive-for-using-aws-vpc-endpoints
#aws
If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.
https://ermetic.com/blog/aws/a-new-incentive-for-using-aws-vpc-endpoints
#aws
π₯1
πΆ Reducing Attack Surface with AWS Allowlisting
A detailed look at implementing Region and Service allowlisting in AWS.
https://ramimac.me/aws-allowlisting
#aws
A detailed look at implementing Region and Service allowlisting in AWS.
https://ramimac.me/aws-allowlisting
#aws
π₯2
π΄ Monitoring Kubernetes Clusters on GKE
A hands-on guide to monitoring and logging at different layers in the GKE stack.
https://medium.com/google-cloud/gke-monitoring-84170ea44833
#gcp
A hands-on guide to monitoring and logging at different layers in the GKE stack.
https://medium.com/google-cloud/gke-monitoring-84170ea44833
#gcp
π₯2
πΆ Passwordless Authentication made easy with Cognito
A Step-by-Step Guide, including working demo and complete source code for both frontend and backend.
https://theburningmonk.com/2023/03/passwordless-authentication-made-easy-with-cognito-a-step-by-step-guide
#aws
A Step-by-Step Guide, including working demo and complete source code for both frontend and backend.
https://theburningmonk.com/2023/03/passwordless-authentication-made-easy-with-cognito-a-step-by-step-guide
#aws
π₯4
πΆ The Many Ways to Access DynamoDB
Post discussing the many ways to restrict access to a DynamoDB instance at both a framework and implementation level, utilizing patterns and tools such as RBAC, IAM, Terraform.
https://blog.symops.com/2023/03/10/access-dynamodb
#aws
Post discussing the many ways to restrict access to a DynamoDB instance at both a framework and implementation level, utilizing patterns and tools such as RBAC, IAM, Terraform.
https://blog.symops.com/2023/03/10/access-dynamodb
#aws
π₯2
π· Protect against cyberattacks with the new Azure Firewall Basic
Azure announced the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.
https://azure.microsoft.com/en-gb/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic
#azure
Azure announced the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.
https://azure.microsoft.com/en-gb/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic
#azure
π₯1
π΄ Improve security posture with time bound session length
Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate.
https://cloud.google.com/blog/products/identity-security/improve-security-posture-with-time-bound-session-length
#gcp
Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate.
https://cloud.google.com/blog/products/identity-security/improve-security-posture-with-time-bound-session-length
#gcp
π₯1
πΆ Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
Public disclosure of a CloudTrail bypass in AWS Service Catalog and other logging research.
https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other
#aws
Public disclosure of a CloudTrail bypass in AWS Service Catalog and other logging research.
https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other
#aws
π1π₯1
π· Escalating Privileges with Azure Function Apps
Undocumented APIs used by the Azure Function Apps Portal menu allowed for arbitrary file reads on the Function App containers.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/
#azure
Undocumented APIs used by the Azure Function Apps Portal menu allowed for arbitrary file reads on the Function App containers.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/
#azure
π₯1