Mandiant identified exploitation of public-facing web applications by threat actors (UNC2903) to harvest credentials using Amazon's Instance Metadata Service (IMDS).

Post exploring the mechanics and prevalence of malware fileless execution in attacking read-only containerized environments.

A 3-part serie (see also Part 2 and Part 3) uncovering issues like: command injection, container escapes, Github tokens, Cloudflare's Github tokens, Cloudflare API Keys to Cloudflare Organisation, and Cloudflare's Azure API tokens amongst other things. You can also read Cloudflare's own writeup.

Post explaining the strengths of SBOMs and SLSA and how they fundamentally differ, and shows how SLSA principles can both support the generation of high-quality SBOMs and help consumers respond to supply chain attacks.

Kubernetes 1.24 will be the first release officially using Sigstore, enabling seamless verification of signatures to protect against supply chain attacks across the 5.6m developer community. This marks a huge shift toward verifiable infra.

The Ingress may be one of the most targeted components of Kubernetes. While its risks are well understood, it's not an easy process to tackle them, so the Kubernetes community took another approach to reduce (but not remove!) them in the current (v1.2.0) release: by isolating the NGINX service as a container inside the controller container.

Recommendations, details, and examples to help you create a configuration that meets your security and compliance requirements.

How to recreate the Kubernetes RBAC authorization model from scratch and practice the relationships between Roles, ServiceAccounts, RoleBindings, etc.

What is OCI? OCI stands for Open Container Initiative. This is a group which oversees a collection of open specifications relating to containers. If you have ever run an application on Kubernetes, then you have leveraged OCI.

Another Azure vulnerability, this time allowing an unprivileged user to modify graph search filters so that user could access logs which would normally require admin roles.

Pre-commit git hooks for Open Policy Agent (OPA) and Rego development.

Python library to carry out DFIR analysis on the Cloud.

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

GitGoat enables DevOps and Engineering teams to test security products intending to integrate with GitHub. GitGoat is a learning and training project that demonstrates common configuration errors that can potentially allow adversaries to introduce code to production.

Hands on labs and real world design scenarios for Well-Architected workloads.

How to integrate Client VPN with an existing AWS Single Sign-On via a custom SAML 2.0 application to authenticate and authorize Client VPN connections and traffic.

An automated process for disabling or enabling selected AWS Security Hub controls across multiple accounts and multiple regions.

How to implement the OAuth 2.0 device authorization grant flow for Amazon Cognito by using AWS Lambda and Amazon DynamoDB.

Introducing SWIFT on Google Cloud - modernize your payments by bringing them to the cloud.

Google's latest Container-Optimized OS release supports CIS benchmark compliance and can provide continuous CIS scanning capabilities.

Azure Bastion is a fully managed jumpbox-as-a-service that provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to your VMs in local or peered virtual networks. With native client support available on the Standard SKU for Azure Bastion, you now unlock customizable features and added functionality in your VM sessions.

Microsoft has been evolving Azure Web Application Firewall (Azure WAF), a cloud-native, self-managed security service to protect your applications and APIs running in Azure or anywhere else, from the network edge to the cloud.