Release Date: 06/08/2023 | Issue: 199
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

AWS Security Foundations for Dummies
Keep up with the speed of the cloud and unlock everything you need to know to protect your AWS environment. Learn the most important principles for effective AWS security in this user-friendly book.
Get the FREE eBook today!

This week's articles


awesome-kubernetes-threat-detection
A curated list of resources about detecting threats and defending Kubernetes systems.   #kubernetes   #monitor


Signing URLs in GCP: Convenience vs. Security
Why the "iam.serviceAccounts.signBlob" permission can cause trouble in your GCP environment.   #attack   #gcp


More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
This blog lays out a new potential post-exploitation technique: Abusing AWS Systems Manager (SSM) agent so that it functions as a Remote Access Trojan (RAT) on both Linux and Windows machines, while using an attacker AWS account as a Command and Control (C&C).   #attack   #aws


A Complete Kubernetes Config Review Methodology
An overview of the possible aspects that should be reviewed when dealing with a Kubernetes Security Assessment.   #defend   #kubernetes


From soup to nuts: Building a Detection-as-Code pipeline
How to build and implement a Detection-as-Code pipeline from scratch using Terraform, Sumo Logic, and Tines.   #build   #monitor


Microsoft Entra Workload ID - Introduction and Delegated Permissions
A post providing an overview of some aspects and features that are important when delegating management of Workload ID in Microsoft Entra: Who can see and create apps? Why should you avoid assigning owners to service principals or application objects?   #azure   #explain   #iam


Best practices for organizations and teams using GitHub Enterprise Cloud
The article provides best practices for organizations and teams using GitHub Enterprise Cloud, including tips for securing repositories, managing access controls, and integrating with other security tools.   #ci/cd   #defend


Maturing your Terraform workflow
A few guidelines that can help organizations mature their use of HashiCorp Terraform modules for scale and a faster release cadence.   #explain   #terraform


Telling More Okta Detection Stories with Google Chronicle
Okta has partnered with Google Chronicle to open source a set of detection rules that help surface cloud attack vectors and provide high-fidelity, contextualized alerts to give insight into potential threats. You can find these detections on GitHub.   #monitor   #saas

Sponsor

Is VPN or Zero Trust Access Best for Remote Working Security?
This article explains how the zero-trust security model provides a secure alternative to VPN, and gives an overview of the steps involved in transitioning to a zero-trust architecture for your organization. With nearly every business having remote workers, it is crucial to understand the advantages and disadvantages of VPNs and zero trust access.

Tools


cnappgoat
CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments. You can also refer to the companion blog post.


terraform-tui
A textual GUI that lets you view and interact with your Terraform state.


derf
DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation of repeatable detection samples in the cloud.


kawa
A fast stream-processing framework and daemon. You can also refer to the companion blog post.


BucketLoot
An automated S3-compatible Bucket Inspector.

From the cloud providers


#AWS   Perform continuous vulnerability scanning of AWS Lambda functions with Amazon Inspector
Activate Amazon Inspector within one or more AWS accounts, and be notified when a vulnerability is detected in an AWS Lambda function.


#AWS   Amazon Inspector adds enhanced vulnerability intelligence to its findings
The enhanced vulnerability intelligence includes names of known malware kits used to exploit a vulnerability, mapping to MITRE ATT&CK framework, and evidence of public events associated with a vulnerability.


#AWS   How to Receive Alerts When Your IAM Configuration Changes
How to set up EventBridge to initiate SNS notifications for IAM configuration changes.


#AWS   Configure fine-grained access to your resources shared using AWS Resource Access Manager
You can use AWS Resource Access Manager (AWS RAM) to securely, simply, and consistently share supported resource types within your organization or organizational units (OUs) and across AWS accounts.


#GCP   Test organization policy changes with Policy Simulator
Instructions for using Policy Simulator to see how a change to an organization policy impacts your organization.


#AZURE   Token theft playbook
Microsoft has published a Token Theft playbook, which includes an investigation checklist, hunting queries, response/recovery task lists, and an accompanying decision tree.

Jobs

Hiring? Feature your listings below - reach out now at [email protected]

Cloud Security Engineering Manager - Datadog
Datadog is looking for an Engineering Manager for Cloud security to build and lead a talented team.


Cloud Security Engineer - Lyft
Lyft is looking for Security Engineers to join their Cloud Security team in Mexico City, Mexico.


Cloud Security Engineer - Octopus Energy
Octopus Energy is looking for a Cloud Security Engineer who is skilled in security architecture, deployment, and management.


Azure Security Research Principal - TrustOnCloud
TrustOnCloud is looking for a Cloud Security Researcher with a strong technical foundation in Cloud Security.


Cloud Security Specialist - Deutsche Telekom
Deutsche Telekom is looking for people with experience with Cloud and Security to join them in Hungary.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini