Release Date: 04/09/2022 | Issue: 153
CloudSecList is a weekly newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand curated by Marco Lancini.
Sponsor

Understanding the Five Fundamentals of Cloud Security
The cloud attack surface is changing, and so are the attack patterns used to exploit it. Cloud environments increasingly leverage cloud native architectures and complex use of IAM, and they can't be secured with yesterday's tools and methods.
Download this free white paper on The 5 Fundamentals of Cloud Security - a comprehensive guide for formulating cloud security strategies with recommendations such as:
  • Environment Knowledge: 3 Cloud Security Recommendations
  • Prevention: Resource Mapping, IAM Settings, and guardrails
Check it out now!

This week's articles


Incident Response in AWS
#defend, #explain, #monitor
Post intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane.


Implementing Quarantine Pattern for Container Images
#containers, #defend
Post describing some ways to implement a quarantine pattern for container images or other artifacts stored in OCI registries.


AWS IAM Interview Questions
#aws, #explain
Some AWS IAM interview questions to help understand how much an engineer might know about AWS IAM, and how to apply it.


Refresh Secrets for Kubernetes Applications with Vault Agent
#build, #kubernetes, #vault
Post describing the system signal and live reload methods for updating Kubernetes applications when secrets change.


General availability of SLSA3 Generic Generator for GitHub Actions
#build, #ci/cd, #supply-chain
The SLSA community announced that they're adding a new tool to generate provenance documents for projects developed in any programming language, while keeping your existing building workflows.


Learn Istio - How to Manage, Monitor, and Secure Microservices
#containers, #explain
A thorough introduction to Istio, showing what it does under the hood.


SMTP Matching Abuse in Azure AD
#attack, #azure
How SMTP matching can be abused to obtain privileged access via eligible role assignments, and how to prevent it.


Automating Azure Abuse Research - Part 2
#attack, #azure
Second part of a series, this time focusing on how to use the BloodHound Attack Research Kit (BARK) to perform so-called "continuous abuse primitive validation".

Tools


devbox
Devbox is a command-line tool that lets you easily create isolated shells and containers. You start by defining the list of packages required by your development environment, and devbox uses that definition to create an isolated environment just for your application.


terraform-iam-policy-validator
A command line tool that validates AWS IAM Policies in a Terraform template against AWS IAM best practices.


AWSSigner
Burp Extension for AWS SigV4 Signing.


kconnect
kconnect is a CLI utility that can be used to discover and securely access Kubernetes clusters across multiple operating environments.

From the cloud providers


AWS - Identity Guide - Preventive controls with AWS Identity - SCPs
Common use cases for service control policies (SCPs) in AWS Organizations & how to use them to build preventive controls.


AWS - How to subscribe to the new Security Hub Announcements topic for Amazon SNS
You can now use SNS to subscribe to the new Security Hub Announcements topic to receive updates about new Security Hub services and features, newly supported standards and controls, and other Security Hub changes.


AWS - Learn more about the new allow list feature in Macie
How to set up an allow list in Macie and run a Macie scan that uses the allow list to ignore the specified values when creating sensitive data findings.


AWS - How to let builders create IAM resources while improving security and agility for your organization
How to put policies and guardrails in place that will allow your organization to grant IAM permissions to builders.


GCP - How to move towards continuous compliance while avoiding misconfigurations
Infrastructure continuous compliance can be achieved thanks to Google Cloud's open and extensible architecture, which uses Security Command Center and open source solutions.


GCP - A comprehensive cloud security approach for state and local governments
As the threat landscape continues to evolve, government leaders need partners that can provide in-depth security to help protect, detect, and mitigate security breaches.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.