#aws, #azure, #defend, #gcp, #strategy

A cloud and environment agnostic methodology for getting your bearings if tasked with securing a novel cloud environment.

#aws, #defend

Many engineers have found themselves in the unenviable position of being handed the keys to an AWS environment with absolutely no explanation of its contents, documentation, or training.

#aws, #build, #terraform

How Square extended their datacenter-based secrets infrastructure to enable a cloud migration supporting Lambda. They added SPIFFE compatibility to their secrets infrastructure and developed a Lambda secrets syncer that Square engineers can deploy via a Terraform module.

#attack, #gcp, #gsuite

You’ve seen plenty of talks on exploiting, escalating, and exfiltrating the magical world of Google Cloud (GCP), but what about its buttoned-down sibling? This talk delves into the dark art of utilizing Apps Script to exploit G Suite (AKA Google Workspace).

#attack, #kubernetes, #monitor

How to enable Kubernetes logging in cloud environments, and how to detect logging evasion.

#attack, #aws

Part one of a two part series that will discuss AWS’s new Lightsail object storage. The first part looks at the new access key capability and its security issues.

#aws, #defend

An article on remediating IMDSv1 in AWS, a common server-side request forgery vector targeting lateral movement and persistence.

#aws, #build, #iam

An in-depth guide to creating production-ready, least privilege IAM roles for deploying your serverless application across multiple AWS accounts.

#azure, #build, #kubernetes

How to encrypt and decrypt your secrets with Mozilla SOPS and Azure Key Vault.

#announcement, #ci/cd, #defend, #github

The Open Source Security Foundation announced Allstar, a GitHub app that provides automated continuous enforcement of security best practices for GitHub projects. With Allstar, owners can check for security policy adherence, set desired enforcement actions, and continuously enact those enforcements when triggered by a setting or file change in the organization or project repository.

#announcement, #kubernetes

Kubernetes 1.22 has been released, and it contains breaking changes! Go check the CHANGELOG to avoid surprises at upgrade time.

A container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform.

A visual overview of Kubernetes architecture and Prometheus metrics.

Controller to mint and manage serving certificates for Kubernetes services.

A magic shim for Docker credential helpers. You can also refer to the companion blog post.

Amazon EKS Pod Identity Webhook: this webhook is for mutating pods that will require AWS IAM access.

Amazon CloudWatch announces cross account alarms, a new feature that enables customers to set alerts and take actions based on changes to metrics in other AWS accounts.

AWS Config now supports three new AWS Config managed rules to help you verify that your secrets in AWS Secrets Manager are configured in accordance with your organization’s security and compliance requirements.

How to scale an S3 authorization strategy as an alternative to using path based authorization, by combining attribute-based access control (ABAC) using IAM with a standard Active Directory Federation Services (AD FS) connected to Microsoft AD.

Multi-level base path mapping enables segmented paths, with each segment able to route to a different endpoint. This pattern allows developers to use RESTful URLs to identify the application paths in easy-to-understand patterns.

You can now register Google Kubernetes Engine (GKE) services in Service Directory, Google Cloud’s managed service registry.

Save money and improve security by automating the discovery, management and reclamation of old projects with Unattended Project Recommender.

This document helps you identify Google Cloud products and mitigation strategies that can help you defend against common application-level attacks that are outlined in the OWASP Top 10.

Post covering each of the Detection and Hunting queries included in the Azure Sentinel SQL solution.

By default, incident searches run across the Incident ID, Title, Tags, Owner, and Product name values only. Now, with the new Advanced search pane, you can scroll down the list to select one or more other parameters to search on.