Release Date: 06/08/2023 | Issue: 199
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

AWS Security Foundations for Dummies
Keep up with the speed of the cloud and unlock everything you need to know to protect your AWS environment. Learn the most important principles for effective AWS security in this user-friendly book.
Get the FREE eBook today!

This week's articles

awesome-kubernetes-threat-detection   #kubernetes, #monitor
A curated list of resources about detecting threats and defending Kubernetes systems.

Signing URLs in GCP: Convenience vs. Security   #attack, #gcp
Why the "iam.serviceAccounts.signBlob" permission can cause trouble in your GCP environment.

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan   #attack, #aws
This blog lays out a new potential post-exploitation technique: Abusing AWS Systems Manager (SSM) agent so that it functions as a Remote Access Trojan (RAT) on both Linux and Windows machines, while using an attacker AWS account as a Command and Control (C&C).

A Complete Kubernetes Config Review Methodology   #defend, #kubernetes
An overview of the possible aspects that should be reviewed when dealing with a Kubernetes Security Assessment.

From soup to nuts: Building a Detection-as-Code pipeline   #build, #monitor
How to build and implement a Detection-as-Code pipeline from scratch using Terraform, Sumo Logic, and Tines.

Microsoft Entra Workload ID - Introduction and Delegated Permissions   #azure, #explain, #iam
Post providing an overview about some aspects and features which are important in delegating management of Workload ID in Microsoft Entra: Who can see and create apps? Why you should avoid assigning owners to service principals or application objects?

Best practices for organizations and teams using GitHub Enterprise Cloud   #ci/cd, #defend
The article provides best practices for organizations and teams using GitHub Enterprise Cloud, including tips for securing repositories, managing access controls, and integrating with other security tools.

Maturing your Terraform workflow   #explain, #terraform
A few guidelines that can help organizations mature their use of HashiCorp Terraform modules for scale and a faster release cadence.

Telling More Okta Detection Stories with Google Chronicle   #monitor, #saas
Okta has partnered with Google Chronicle to open source a set of detections rules that help surface cloud attack vectors and provide high-fidelity, contextualized alerts to give insight into potential threats. You can find these detections on GitHub.


CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments. You can also refer to the companion blog post.

A textual GUI that allows to view and interact with your Terraform state.

DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation of repeatable detection samples in the cloud.

A fast stream-processing framework and daemon. You can also refer to the companion blog post.

An automated S3-compatible Bucket Inspector.


Is VPN or Zero Trust Access Best for Remote Working Security?
This article will explain how the zero-trust security model provides a secure alternative to VPN , and review an overview of the steps involved in transitioning to a zero-trust architecture for your organization. With nearly every business having remote workers, it is crucial to understand the advantages and disadvantages of VPNs and zero trust access.

From the cloud providers

AWS Icon  Perform continuous vulnerability scanning of AWS Lambda functions with Amazon Inspector
Activate Amazon Inspector within one or more AWS accounts, and be notified when a vulnerability is detected in an AWS Lambda function.

AWS Icon  Amazon Inspector adds enhanced vulnerability intelligence to its findings
The enhanced vulnerability intelligence includes names of known malware kits used to exploit a vulnerability, mapping to MITRE ATT&CK framework, and evidence of public events associated with a vulnerability.

AWS Icon  How to Receive Alerts When Your IAM Configuration Changes
How to set up EventBridge to initiate SNS notifications for IAM configuration changes.

AWS Icon  Configure fine-grained access to your resources shared using AWS Resource Access Manager
You can use AWS Resource Access Manager (AWS RAM) to securely, simply, and consistently share supported resource types within your organization or organizational units (OUs) and across AWS accounts.

GCP Icon  Test organization policy changes with Policy Simulator
Instructions for using Policy Simulator to see how a change to an organization policy impacts your organization.

Azure Icon  Token theft playbook
Microsoft has been published a Token Theft playbook which includes investigation checklist, hunting queries, response/recovery task lists, and an accompanying decision tree.


Hiring? Feature your listings below - reach out now at [email protected]

Cloud Security Engineering Manager - Datadog
Datadog is looking for an Engineering Manager for Cloud security to build and lead a talented team.

Cloud Security Engineer - Lyft
Lyft is looking for Security Engineers to join their Cloud Security team in Mexico City, Mexico.

Cloud Security Engineer - Octopus Energy
Octopus Energy is looking for Cloud Security Engineer who is skilled in security architecture, deployment, and management.

Azure Security Research Principal - TrustOnCloud
TrustOnCloud is looking for a Cloud Security Researcher with a strong technical foundation in Cloud Security.

Cloud Security Specialist - Deutsche Telekom
Deutsche Telekom is looking for people with experience with Cloud and Security to join them in Hungary.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.