Little is known about the risks managed clusters bring to the table, compared to a vanilla Kubernetes distribution.

How to achieve privilege escalation via misconfigured AWS Batch.

Post diving into two potential security issues identified in AWS API Gateway authorizers.

A set of bugs in AWS Directory Service. One of them could be used for privilege escalation by an authenticated user with sufficient permissions.

A high-level methodology of how one could conduct a penetration test inside the AWS platform.

Different methods of executing arbitrary code and executables in read-only file systems where writable folders are marked as noexec, focusing on pods within the Kubernetes context.

HashiCorp Terraform 1.5 is now generally available, featuring a config-driven import workflow and a new language primitive for infrastructure validations.

The Vault Secrets Operator implements a first-class Kubernetes Operator for Vault, along with CRDs responsible for synchronizing Vault secrets to Kubernetes Secrets.

Rdsconn makes connecting to an AWS RDS instance inside a VPC from your laptop easier.

A collection of ARM-based detections for Azure/AzureAD based TTPs. You can also refer to the companion blog post.

Create your own vulnerable by design AWS penetration testing playground. You can also refer to the companion blog post.

A GitHub Actions workflow that achieves SLSA Build Track Level 3 for provenance generation.

You can now view your logs interactively in real-time as they're ingested, which helps you to analyze and resolve issues across your systems and applications.

Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. Using Cedar, developers and admins can define policy-based access controls using roles and attributes for more granular, context-aware access control.

How to use Amazon Cognito and Verified Permissions together to add fine-grained authorization to your applications.

Amazon launched S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option in S3 that applies two layers of encryption to objects when they are uploaded to an S3 bucket.

Amazon launched EC2 Instance Connect (EIC) Endpoint, a new feature that allows you to connect securely to your instances and other VPC resources from the Internet.

Amazon shared the availability of AWS Payment Cryptography, an elastic service that manages payment HSMs and keys for payment processing applications in the cloud.

You can now connect a Google Workspace to AWS IAM Identity Center once and manage access to AWS accounts and applications centrally, in IAM Identity Center.

AWS Config now offers support for excluding resource types from configuration change tracking.

Post walking through new capabilities within AWS Security Hub that you can use to take automated actions to update findings.

AWS introduced AWS WAF Fraud Control - Account Creation Fraud Prevention (ACFP) to help protect your application's sign-up pages against fake account creation by detecting and blocking fake account creation requests.

These new controls target services such as Amazon APIGateway, AWS CodeBuild, Amazon Elastic Compute Cloud, Amazon Elastic Load Balancer, Amazon Redshift, Amazon SageMaker, and AWS WAF.

Google Cloud has introduced resource hierarchies to make IAM management easier.

Google's new Secure Web Proxy is now generally available. This cloud-first network security offering provides web egress traffic inspection, protection, and control.

Security Command Center's new attack path simulation automatically analyzes a customer's environment to pinpoint where and how vulnerable resources may be attacked.

Users can now specify an AMD SEV-SNP based confidential VM for their Windows 11 Azure Virtual Desktop, allowing the execution of sensitive desktop workloads by protecting data in use.

Managed Identity is a secure & simplified authentication model where our agent uses the cluster's managed identity to send data to Azure Monitor.