This week's articles
Azure Attack Paths
#attack, #azure
Post shedding some light on known attack paths in an Azure environment.
A Guide to Improving Security Through Infrastructure-as-Code
#defend, #explain, #iac
This article aims to make an attempt to collect the main starting points, creating a guide on how to integrate security into infrastructure as a code and show how these security checks and gates, tools and procedures secures the infrastructure.
|
|
Tools
Wolfi
Wolfi is a lightweight GNU software distribution which is designed around minimalism, making it well-suited for containerized environments built with apko. You can also refer to the companion blog post.
dexter
dexter is an OIDC (OpenId Connect) helper to create a hassle-free Kubernetes login experience powered by Google or Azure as Identity Provider.
merloc
MerLoc is a live AWS Lambda function development and debugging tool. It allows to run AWS Lambda functions on your local while they are still part of a flow in the AWS cloud remote.
varc
varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
|
|
Sponsor CloudSecList
If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at 📨 [email protected] 📨
|
|
|
Thanks for reading!
|
If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco
|
|
|