This week's articles
Under-documented Kubernetes Security Tips
#defend, #explain, #kubernetes
There are some security practices which kinda don't fit into traditional hardening guides, don't get reported as CVEs, and just exist in the minds of expensive consultants.
How Using Deprecated Policies Creates Overprivileged Permissions
AmazonEC2RoleforSSM is a deprecated version of the now recommended AmazonSSMManagedInstanceCore. This post breaks down why AWS likely deprecated the original policy and how organizations leave themselves vulnerable by continuing to use these deprecated policies.
A Look at AWS API Protocols
An introduction to AWS API protocols and how they impact the structure of an AWS API request.
Azure B2C: Crypto Misuse and Account Compromise
Microsoft's Azure Active Directory B2C service contained a cryptographic flaw which allowed an attacker to craft an OAuth refresh token with the contents of any user account. An attacker could redeem this refresh token for a session token, thereby gaining access to a victim account as if the attacker had logged in through a legitimate login flow.
Azure AD Kerberos Tickets: Pivoting to the Cloud
If you've ever been on an internal penetration test where you've reached Domain Admin and the organization has a cloud presence, their entire Azure cloud can still be compromised.
Canarytokens welcomes Azure Login Certificate Token
#announcement, #azure, #monitor
Canarytokens.org introduced the Azure Login Certificate Token (aka the Azure Token). You can sprinkle Azure tokens throughout your environment and receive high-fidelity notifications whenever they're used.
Cloud drift detection: How to resolve out-of-state changes
#defend, #iac, #terraform
The keys to a successful IaC-to-IaaS drift detection strategy are: understanding when drift becomes a risk, implementing drift detection automation relevant to your stack, and classifying drift and routing the response to the right individual or team.