Reflections on how it is possible to adopt threat modeling more effectively and efficiently, integrating it with modern DevOps methodologies and tools, and focusing on the value provided to all the various actors involved with the Software Development Lifecycle.

A library of all the attack scenarios on Azure Storage, and how to mitigate them following a risk-based approach.

Post explaining the risk of storage accounts and how to abuse them for lateral movement.

The cluster-admin ClusterRole gives the user access and permission to do all operations on all resources in the cluster. What if we need to block an action performed by cluster admins? We can't do it with RBAC, it only allows for adding of permissions, not taking them away.

DigitalOcean's approach to securing CI/CD through GitHub Actions, OIDC, and HashiCorp Vault.

Post discussing a weakness in the AWS Console authentication flow that allowed an attacker to partially bypass the login rate limit.

Post discussing the details of six privilege escalation vulnerabilities found in Docker Desktop for Windows, and releasing a new tool named PipeViewer that scans for Windows named pipes with weak permissions.

A look at Azure App Services, security advice, and how to use Azure Resource Graph Explorer and other tools to implement these recommendations.

Previously, GitHub Actions gets a GITHUB_TOKEN with both read/write permissions by default whenever Actions is enabled on a repository. As a default, this is too permissive, so to improve security GitHub chnaged the default going forward to a read-only token.

Top-level domain name registry service on Google App Engine.

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster.

An open-source database for detecting secrets, API keys, passwords, tokens, and more.

A Terraform module which handles the deployment of Cloud Functions (Gen 2) on GCP.

Allows configuration of logging settings for AWS SSM Session Manager.

Amazon announced VPC resource map, a new feature that displays your existing VPC resources and their routing visually on a single page, allowing you to quickly understand the architectural layout of the VPC.

Post describing several important stages of your response to a ransomware event in Amazon S3, including detection, response, recovery, and protection.

The new ebook includes the top 10 best practices for ransomware protection and covers new services and features that have been released since the original published date in April 2020.

Policy Controller enables the enforcement of programmable policies for Anthos clusters.

Cloud Firewall has significantly enhanced its capabilities in the last six months. Here's what's new, and how it can help strengthen your security posture.

Rapid Vulnerability Detection, a built-in service of Security Command Center Premium, is a zero-configuration network and web application scanner that actively scans public endpoints to detect vulnerabilities that have a high likelihood of being exploited, such as weak credentials, incomplete software installations, and exposed administrator user interfaces.

Azure Application Gateway now supports mTLS and OCSP.