This document from NIST focuses on actionable measures to integrate the various building blocks of SSC security assurance into CI/CD pipelines to prepare organizations to address SSC security in the development and deployment of their cloud-native applications.

The article discusses how to use VSCode extensions for initial access during security assessments. It provides examples of extensions that can be leveraged for reconnaissance, exploitation, and post-exploitation activities, highlighting their capabilities and potential risks.

The attack patterns of the modern day threat actor are changing as they are able to traverse across multiple environments in the cloud. CDR needs to keep up.

Post delving into seven common container escape techniques, shedding light on the essential configurations and minimal Linux capabilities required for each method.

Action pinning doesn't always offer security. Understand risks stemming from the GitHub Actions ecosystem and learn how to avoid compromise of CI/CD pipeline.

Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023. Surprisingly, these vulnerabilities have received little to no media coverage regarding their ease of exploitation and the potential security implications they pose to any cluster running a non-native object storage.

Curated resources help you prepare for the CNCF CKS "Kubernetes Certified Security Specialist" Certification exam.

Post exploring the latest Okta security incidents and explaining how to fortify your IAM system against social engineering attacks.

Generates runbooks for GuardDuty findings. You can also refer to the companion blog post.

Scripts and IaC to create a ransomware resilient AWS Backup System. You can also refer to the companion blog post.

Buzzer is a fuzzer toolchain that allows to write eBPF fuzzing strategies.

A utility to safely generate malicious network traffic patterns and evaluate controls.

Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s).

Post explaining these new AWS WAF feature enhancements and how you can use alternative request attributes to create more robust and granular sets of rules.

Post explaining the elements needed to build the network perimeter, including policy examples and strategies on how to extend that perimeter.

Post walking step-by-step through the process of applying DNS name constraints to a subordinate CA by using the AWS Private CA service.

Post exploring two examples where limiting privilege provided positive results during a security event.

How to deploy a solution that uses Lambda to automatically manage the lifecycle of VPC Network Access Control List (ACL) rules to mitigate network floods detected using CloudWatch Logs Insights and Amazon Timestream.

This configuration allows traffic from the sending application to be directed to the private IP address of the firewall, facilitating direct egress from the firewall without the need for a UDR.

Azure now introducing support for running queries also on Azure Resource Graph (ARG) tables, and even joining data between Azure Resource Graph (ARG) data sources from your Log Analytics workspace and Application Insights resources in a single query.

VM Insights using Azure Monitor Agent provides various benefits like cost savings, simplified management experience and enhanced security & performance.

The Notary Project is being adopted by Azure Key Vault.

Robinhood is looking for people to join their team, which specializes in detection engineering, automation, and incident response.

As a Cloud Security Architect at H&M Group, you will play a critical role in ensuring the security and compliance of their Azure platform.

Zscaler is looking for Engineers to work across their cloud based products and tech stack comprising of Kubernetes, AWS, Terraform, and Ansible.

Fannie Mae is looking for engineers to work on the development of processes and procedures for designing and implementing components of technological structures.