๐ท Preview support for Kata VM Isolated Containers on AKS for Pod Sandboxing
Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod/ba-p/3751557
#azure
Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod/ba-p/3751557
#azure
๐ฅ1
๐ด Google Cloud Platform Exfiltration: A Threat Hunting Guide
Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.
https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide
#gcp
Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.
https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide
#gcp
๐1๐ฅ1
๐ท Pivoting with Azure Automation Account Connections
How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-account-connections
#azure
How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-automation-account-connections
#azure
๐ฅ1
๐ถ Understanding the Integration Between KMS and Secrets Manager on AWS
Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.
https://blog.lightspin.io/understanding-the-integration-between-kms-and-secrets-manager-on-aws
#aws
Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.
https://blog.lightspin.io/understanding-the-integration-between-kms-and-secrets-manager-on-aws
#aws
๐ฅ1
๐ถ A New Incentive for Using AWS VPC Endpoints
If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.
https://ermetic.com/blog/aws/a-new-incentive-for-using-aws-vpc-endpoints
#aws
If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.
https://ermetic.com/blog/aws/a-new-incentive-for-using-aws-vpc-endpoints
#aws
๐ฅ1
๐ถ Reducing Attack Surface with AWS Allowlisting
A detailed look at implementing Region and Service allowlisting in AWS.
https://ramimac.me/aws-allowlisting
#aws
A detailed look at implementing Region and Service allowlisting in AWS.
https://ramimac.me/aws-allowlisting
#aws
๐ฅ2
๐ด Monitoring Kubernetes Clusters on GKE
A hands-on guide to monitoring and logging at different layers in the GKE stack.
https://medium.com/google-cloud/gke-monitoring-84170ea44833
#gcp
A hands-on guide to monitoring and logging at different layers in the GKE stack.
https://medium.com/google-cloud/gke-monitoring-84170ea44833
#gcp
๐ฅ2
๐ถ Passwordless Authentication made easy with Cognito
A Step-by-Step Guide, including working demo and complete source code for both frontend and backend.
https://theburningmonk.com/2023/03/passwordless-authentication-made-easy-with-cognito-a-step-by-step-guide
#aws
A Step-by-Step Guide, including working demo and complete source code for both frontend and backend.
https://theburningmonk.com/2023/03/passwordless-authentication-made-easy-with-cognito-a-step-by-step-guide
#aws
๐ฅ4
๐ถ The Many Ways to Access DynamoDB
Post discussing the many ways to restrict access to a DynamoDB instance at both a framework and implementation level, utilizing patterns and tools such as RBAC, IAM, Terraform.
https://blog.symops.com/2023/03/10/access-dynamodb
#aws
Post discussing the many ways to restrict access to a DynamoDB instance at both a framework and implementation level, utilizing patterns and tools such as RBAC, IAM, Terraform.
https://blog.symops.com/2023/03/10/access-dynamodb
#aws
๐ฅ2
๐ท Protect against cyberattacks with the new Azure Firewall Basic
Azure announced the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.
https://azure.microsoft.com/en-gb/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic
#azure
Azure announced the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.
https://azure.microsoft.com/en-gb/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic
#azure
๐ฅ1
๐ด Improve security posture with time bound session length
Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate.
https://cloud.google.com/blog/products/identity-security/improve-security-posture-with-time-bound-session-length
#gcp
Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate.
https://cloud.google.com/blog/products/identity-security/improve-security-posture-with-time-bound-session-length
#gcp
๐ฅ1
๐ถ Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
Public disclosure of a CloudTrail bypass in AWS Service Catalog and other logging research.
https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other
#aws
Public disclosure of a CloudTrail bypass in AWS Service Catalog and other logging research.
https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other
#aws
๐1๐ฅ1
๐ท Escalating Privileges with Azure Function Apps
Undocumented APIs used by the Azure Function Apps Portal menu allowed for arbitrary file reads on the Function App containers.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/
#azure
Undocumented APIs used by the Azure Function Apps Portal menu allowed for arbitrary file reads on the Function App containers.
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/
#azure
๐ฅ1
๐ถ Mitigating SSRF in 2023
Article reviewing the different ways of triggering SSRF and discussing which mitigation techniques are most effective.
https://blog.includesecurity.com/2023/03/mitigating-ssrf-in-2023
#aws
Article reviewing the different ways of triggering SSRF and discussing which mitigation techniques are most effective.
https://blog.includesecurity.com/2023/03/mitigating-ssrf-in-2023
#aws
๐ฅ2
๐ถ Implementing Magic Links with Amazon Cognito: A Step-by-Step Guide
A popular passwordless authentication method is magic links. Although this is not something that Cognito supports out of the box, it can be implemented using its Lambda hooks.
https://theburningmonk.com/2023/03/implementing-magic-links-with-amazon-cognito-a-step-by-step-guide
#aws
A popular passwordless authentication method is magic links. Although this is not something that Cognito supports out of the box, it can be implemented using its Lambda hooks.
https://theburningmonk.com/2023/03/implementing-magic-links-with-amazon-cognito-a-step-by-step-guide
#aws
๐ฅ2
๐ถ The illustrated guide to S3 pre-signed URLs
Article discussing in great detail what pre-signed URLs are, how to use them, and some best practices to keep in mind.
https://fourtheorem.com/the-illustrated-guide-to-s3-pre-signed-urls
#aws
Article discussing in great detail what pre-signed URLs are, how to use them, and some best practices to keep in mind.
https://fourtheorem.com/the-illustrated-guide-to-s3-pre-signed-urls
#aws
๐ฅ4
๐ท Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle
Post exploring the details of the Azure vulnerability, "Super FabriXss," the risks it poses, as well as recommendations on how to mitigate it.
https://orca.security/resources/blog/super-fabrixss-azure-vulnerability
#azure
Post exploring the details of the Azure vulnerability, "Super FabriXss," the risks it poses, as well as recommendations on how to mitigate it.
https://orca.security/resources/blog/super-fabrixss-azure-vulnerability
#azure
๐ฅ2
๐ถ Zero Trust Access to Private Webapps on AWS ECS with Cloudflare Tunnel
How to use Cloudflare Tunnel to securely access a Flask webapp running in a private subnet in ECS on Fargate, without exposing the app to the public internet.
https://blog.marcolancini.it/2023/blog-cloudflare-tunnel-zero-trust-ecs
#aws
How to use Cloudflare Tunnel to securely access a Flask webapp running in a private subnet in ECS on Fargate, without exposing the app to the public internet.
https://blog.marcolancini.it/2023/blog-cloudflare-tunnel-zero-trust-ecs
#aws
๐ฅ3
๐ท Riding the Azure Service Bus (Relay) into Power Platform
A deserialization issue on the Azure Service Bus (Relay) service that allowed remote code execution on Microsoft servers.
https://www.netspi.com/blog/technical/vulnerability-research/azure-service-bus-power-platform
#azure
A deserialization issue on the Azure Service Bus (Relay) service that allowed remote code execution on Microsoft servers.
https://www.netspi.com/blog/technical/vulnerability-research/azure-service-bus-power-platform
#azure
๐ฅ1
๐ถ AWS KMS Threat Model
What are the threats in letting an AWS service manage the encryption of your data instead of creating a Customer Managed Key?
https://airwalkreply.com/aws-kms-threat-model
#aws
What are the threats in letting an AWS service manage the encryption of your data instead of creating a Customer Managed Key?
https://airwalkreply.com/aws-kms-threat-model
#aws
๐ฅ5