The article explains how threat actors leverage GitHub for command and control & data exfiltration, malware delivery, and supply chain attacks.

Post sharing how the world's most popular repositories fail to manage their build permissions, as well as walking through the why and the how of proper permissions management in GitHub Actions.

The article explains how to recognize when you have lost control of your SIEM. It provides signs to look out for, such as excessive false positives and having trouble answering basic investigative questions.

The slides of a BlackHat 2023 talk that discusses how to identify, fix, and prevent permission explosion in your AWS environment.

Threat actors used SugarCRM's zero-day CVE-2023-22952 and cloud account misconfigurations to access credentials.

A recap of some of the interesting new security changes in Kubernetes 1.28.

The article discusses the importance of integrating security into the DevOps process and introduces In-Toto, an open-source framework that provides a way to verify the integrity of software supply chains. It explains how In-Toto can be used as an API in DevSecOps to ensure the security and trustworthiness of software.

A walkthrough review of the implementation of an on-prem VPN server that used Azure AD as the idP and enforced MFA via conditional access policies.

At scale, many Terraform state files are better than one. But how do you draw the boundaries and decide which resources belong in which state files? What are the best practices for organizing Terraform state files to maximize reliability, minimize the blast-radius of changes, and align with the design of cloud providers?

AWS recently announced that is now possible to enable WAF protection for Cognito user pools. And one of the things you can do with this is to implement geo-fencing and IP allow/deny lists.

Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.

Tools for attacking Azure Function Apps.

Ansible role to apply a security baseline. Systemd edition.

Tool for obfuscating and deobfuscating data. You can also refer to the companion blog post.

Get notified when actions are taken in the AWS Console.

How to manage the Verified Access logging configuration and how to use Verified Access logs to write and troubleshoot access policies faster.

How to automate your IAM Identity Center users and groups permission review process with AWS SDK and AWS serverless services.

This blog post will shows how AD Connector works as well as walk through how to enable federated console access, assign users to roles, and seamlessly join an EC2 instance to an Active Directory domain.

This blog post walks you through logging configuration best practices, discusses three common architectural patterns for Network Firewall logging, and provides guidelines for optimizing the cost of your logging solution.

Now with direct VPC egress, you can send traffic from Cloud Run services and jobs directly to a VPC without needing to proxy through a VPC connector.

You can now use Azure Key Vault references to access your secrets in Azure Container Apps.

Databricks is looking for Security Engineers to help with security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation.

Google is looking for Security Engineers to support Google Cloud customers with specific classes of security and abuse incidents identified within their GCP environments.

We're building a platform that engineers love to use. Join us, and help usher in the future.

Patreon is looking for a senior security engineer with experience and interest in both cloudsec and appsec to join their remote-friendly infrastructure team.

Trustpilot is looking for a Platform Security Engineer to advance the security of their products, data, and infrastructure.