Post introducing lateral movement as it pertains to VPCs. It discusses attacker TTPs, and outlines best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.

Another update to my "Security Logging in Cloud Environments - GCP" post, this time adding the new Sensitive Actions Service to the SCC section.

How Doyensec managed to bypass eBPF-based controls, along with some ideas on how red teams or malicious actors could evade these new intrusion detection mechanisms.

Lots of AWS accounts working together in harmony will net you a more secure, more reliable, and more compliant cloud infrastructure.

This post explores a common mistake made when assessing the security of multi-arch container images.

The 2nd part of an in-depth look at how companies running Kubernetes can approach implementing the recommendation of PCI's guidance for container orchestration.

For some types of Azure resources and subnets, it's extremely easy to configure what is essentially public network access. This post describes some examples and how to reduce such risks.

Post talking about some attack methods missing from the Threat matrix for Kubernetes published by Microsoft.

Vault 1.12 focuses on improving Vault's core workflows as well as adding new features such as Redis and Amazon ElastiCache secrets engines, a new PKCS#11 provider, improved Transform secrets engine usability, updated resource quotas, expanded PKI revocation and telemetry capabilities.

A VSCode Dev Container with tools to help you build and manage AWS infrastructure with Terraform.

Generate Terraform moved blocks automatically for painless refactoring.

How you can use Access Analyzer to generate an IAM permissions policy that restricts CloudFormation permissions to only those actions that are necessary to deploy a given template, in order to follow the principle of least privilege.

Software Delivery Shield is a fully managed software supply chain security solution that offers a modular set of capabilities to help equip developers, DevOps, and security teams with the tools they need to build secure cloud applications.

Chronicle Security Operations unifies Chronicle's SIEM tech, with the SOAR solutions from the Siemplify acquisition and threat intelligence from Google Cloud. The recently-completed Mandiant acquisition will add even more incident and exposure management and threat intelligence capabilities in the future.

An introduction to custom Organisational Policies for GKE, which enable administrators to enforce security policies and best practices on GKE cluster resources.

Google Cloud's fourth Threat Horizons intelligence report is available. It brings decision-makers strategic intelligence on current and likely future threats to cloud enterprise users and the best original cloud-relevant research and security recommendations from across Google's intelligence and security teams.

GCP now offers daily OS vulnerability scanning of workloads, bubbled into the Security Posture dashboard and Cloud Logging.

Immutable vaults helps you protect your backups against threats like ransomware attacks and malicious actors by ensuring that your backup data cannot be deleted before its intended expiry time.

Windows Admin Center lets you manage the Windows Server Operating System of your Azure Virtual Machines, natively in the Azure Portal.

Setting RBAC query read action on Azure Monitor Logs table is now publicly available.