This week's articles
Cloud Security Orienteering
#aws, #azure, #defend, #gcp, #strategy
A cloud and environment agnostic methodology for getting your bearings if tasked with securing a novel cloud environment.
Expanding Secrets Infrastructure to AWS Lambda
#aws, #build, #terraform
How Square extended their datacenter-based secrets infrastructure to enable a cloud migration supporting Lambda. They added SPIFFE compatibility to their secrets infrastructure and developed a Lambda secrets syncer that Square engineers can deploy via a Terraform module.
Hacking G Suite: The Power of Dark Apps Script Magic
#attack, #gcp, #gsuite
You’ve seen plenty of talks on exploiting, escalating, and exfiltrating the magical world of Google Cloud (GCP), but what about its buttoned-down sibling? This talk delves into the dark art of utilizing Apps Script to exploit G Suite (AKA Google Workspace).
Remediating AWS IMDSv1
An article on remediating IMDSv1 in AWS, a common server-side request forgery vector used for lateral movement and persistence.
Introducing the Allstar GitHub App
#announcement, #ci/cd, #defend, #github
The Open Source Security Foundation announced Allstar, a GitHub app that provides automated continuous enforcement of security best practices for GitHub projects. With Allstar, owners can check for security policy adherence, set desired enforcement actions, and continuously enact those enforcements when triggered by a setting or file change in the organization or project repository.
Kubernetes 1.22: Reaching New Peaks
Kubernetes 1.22 has been released, and it contains breaking changes! Go check the CHANGELOG to avoid surprises at upgrade time.