This blog details research into threat modeling for supply-chain, the evaluation of the effectiveness of each countermeasure such as SBOM, and the design of a centralized CI pipeline.

CERT Societe Generale provides easy to use operational incident best practices.

A funny post where the author shares the stages of ignorance and awareness they encountered, so to help others progress through the early stages more quickly than they did.

Azure IAM has seen major growth with 2710 new permissions and 60 new built-in roles added in 2022.

How enabling a single vulnerable feature removed the entire network and identity perimeter around internet-isolated Azure Cognitive Search instances.

A credential harvesting campaign targeting cloud infrastructure. The majority of the victim system were running public facing Juptyer Notebooks.

In Kubernetes 1.26, the 1st alpha release of validating admission policies is available. Validating admission policies use the Common Expression Language (CEL) to offer a declarative, in-process alternative to validating admission webhooks.

Kubernetes v1.26 introduced generally available (GA) support for kubelet credential provider plugins, offering an extensible plugin framework to dynamically fetch credentials for any container image registry.

This repository contains helper functions and detection rules that could be helpful to customers of Chronicle.

Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports.

Creates log exports at the project, folder, or organization level.

Runs checks to see if an EKS cluster follows EKS Best Practices.

Stores secrets in DynamoDB, encrypted at rest.

An admission controller service and kubectl plugin to handle container drift in K8s clusters.

Architecture guidelines for setting up access to commonly used resources by building a security model in AWS.

AWS recently released a whitepaper on the Security Design of the AWS Nitro System, a combination of purpose-built server designs, data processors, system management components, and specialized firmware that serves as the underlying virtualization technology that powers all EC2 instances launched since early 2018.

AWS released five workshops that simulate security events to help you learn the tools and procedures that AWS CIRT uses on a daily basis to detect, investigate, and respond to such security events.

Post exploring the different insights provided by Network Analyzer and how to configure alerts for them.

Cloud Asset Insights provides insights based on the IAM policies associated with your organization's resources. It is a part of the Recommender service.