Writeup of a vulnerability identified in a web application that was using the AWS SDK for Go (v1) to implement an "Import Data From S3" functionality.

You may have been there before: you got access to an AWS account and just want to list which resources are configured in it. The seemingly simple task of listing all resources quickly turns out to be complicated.

Post untangling the question of 'who has access to what' in an Azure Active Directory environment. A PowerShell tool was also released to automatically enumerate this.

A nice diagram providing an overview of the endpoints/integrations/connections/features in the Azure AD ecosystem.

This is the 3rd part of an in-depth look at how companies running Kubernetes can approach implementing the recommendation of PCI’s guidance for container orchestration.

Post explaining AWS Lambda Function URLs - a new feature in AWS Lambda that allows you to call a Lambda function without an API Gateway.

The Orca Research Pod has discovered FabriXss a vulnerability in Azure Service Fabric Explorer that allows attackers to gain full Administrator permissions.

As organisations are integrating Amazon Web Services data sources with Microsoft Sentinel, many are facing a common problem: how to identify AWS resources and handle contextual data such as AWS account information for alerts and incidents?

How can we enforce security best-practices at cluster or namespace level?

Inspect a container image's root CAs. You can also refer to the companion blog post.

Automation to assess the state of your M365 tenant against CISA's baselines.

Evil OIDC server: the OpenID Configuration URL returns a 307 to cause SSRF.

A Terraform module for configuring Workload Identity for GKE clusters.

AWS launched the AWS Parameters and Secrets Lambda Extension, a convenient method for AWS Lambda users to retrieve parameters from AWS Systems Manager Parameter Store and secrets from AWS Secrets Manager.

Detective now uses machine learning (ML) to group related GuardDuty findings that, in isolation, may have been ignored but show the lifecycle of an attack, which can help security analysts identify advanced threats more efficiently.

How to analyze security intelligence from Amazon Cognito advanced security features logs by using AWS native services.

Cloud EKM can help protect data at rest with encryption keys which are stored and managed in a third-party key management system that's outside Google Cloud's infrastructure, and ultimately outside Google's control.

Backup for GKE is a service for backing up and restoring workloads in GKE clusters.

The Microsoft cloud security benchmark (MCSB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure and your multi-cloud environment.

Azure DNS Private Resolver now provides a fully managed recursive resolution and conditional forwarding service for Azure virtual networks.