Release Date: 12/06/2022 | Issue: 141
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
It's official: I'm writing a book! 📖
"The CloudSec Engineer" will be a book on how to enter, establish yourself, and thrive in the cloud security industry as an individual contributor.
You can sign up to get updates and free samples of the book as I write it at:

JupiterOne: Cyber asset context and visibility for the cloud
As companies expand to the cloud, asset visibility worsens. The JupiterOne Cyber Asset Management Platform helps you get it back.
Answer complex security and infrastructure questions, understand the contextual relationships between assets, and build the foundation for your security program with JupiterOne. Get started with your free account today

This week's articles

A Deep Dive into Temporal's Access Control Strategy in AWS   #aws, #iam
Some insights into Temporal's strategy for securing their cloud environment, as well as a call for attention to an unexpected facet of AWS access policies encountered along the way.

Guide to Digital Forensics Incident Response in the Cloud   #defend, #strategy
Post covering the differences between cloud forensics and forensics in on-premises systems.

The Philosophy of Prevention   #aws, #defend, #design
An interesting post covering some limitations and use-cases for SCPs and auto-remediation tools.

Introducing Entitlements: GitHub's open source Identity and Access Management solution   #announcement, #ci/cd, #iam
Github open sourced their Identity and Access Management solution (called "Entitlements"), which uses a Git repository for the source-of-truth, declarative authorizations, and seamless integration with for approvals and audits.

MongoDB Field Level Encryption with HashiCorp Vault KMIP Secrets Engine   #announcement, #build, #vault
With MongoDB releasing client-side field level encryption with KMIP support, Vault users can now use its KMIP secrets engine to supply the encryption keys. This allows to be in full control of the keys.

cloud-middleware-dataset   #aws, #azure, #explain, #gcp
This project contains cloud middleware (i.e. agents installed by cloud security providers) used across the major cloud service providers (Azure, AWS and GCP).

Awesome-Azure-Pentest   #attack, #azure
A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform.

Managed Identity Attack Paths   #attack, #azure
A three part blog series exploring attack paths that emerge out of Managed Identity assignments in three Azure services.

Bypassing eBPF-based Security Enforcement Tools   #attack, #containers
Post explaining the limitations of eBPF security enforcement tools and demonstrates bypass techniques with Tetragon.

Use CloudTrail to Pivot to AWS Accounts   #attack, #aws
How to utilize the AWS CloudTrail service to discover other AWS accounts that you could pivot to.

An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane   #attack, #gcp
The biggest risk in cloud development is not recognizing the differences between cloud and traditional definitions of common architecture terms.

Enumeration and lateral movement in GCP environments   #attack, #gcp
A pentest write up describing how it was possible to compromise a hybrid GCP hosted infrastructure using native GCP tools.


Detect secrets in source code, scan git repos, and use pre commit hooks to prevent API key leaks.

End-to-end modular samples for Terraform on GCP.

An universal solution for delivering your software updates securely from a trusted The Update Framework (TUF) repository.

kubectl plugin to browse Kubernetes object hierarchies as a tree.

From the cloud providers

AWS Icon  Get more out of service control policies in a multi-account environment
Walkthrough of different techniques that you can use to get more out of AWS Organizations service control policies (SCPs) in a multi-account environment.

AWS Icon  Let's Architect! Architecting for governance and management
Content to help software architects and tech leaders explore new ideas, case studies, and technical approaches to help you support production implementations for large-scale migrations.

AWS Icon  Correlate IAM Access Analyzer findings with Amazon Macie
How to detect when unintended access has been granted to sensitive data in S3 buckets.

AWS Icon  AWS Security Hub now receives AWS Config managed and custom rule evaluation results
AWS Security Hub now automatically receives AWS Config managed and custom rule evaluation results as security findings.

GCP Icon  Updates coming for Authorized Networks and Cloud Run/Functions on GKE
After a reported vulnerability, Google will soon limit access to GKE-related services and block access from Cloud Run and Cloud Functions.

Azure Icon  Group membership in a dynamic group (preview) in Azure Active Directory
How to create a dynamic membership group that can contain members of other groups in Azure Active Directory.

Azure Icon  Virtual desktop infrastructure security best practices
One of the most popular options for organizations who want to offer remote work options is virtual desktop infrastructure or VDI. In this blog, get an overview of VDI and learn security best practices.

Azure Icon  General availability: Azure Bastion IP based connection
You can now use Azure Bastion to connect to on-premises resources over ExpressRoute and Site-to-Site VPN.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.