Release Date: 26/01/2020 | Issue: 21
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography
How to leverage Cartography to detect, identify, categorize, and visualize all the assets being deployed in your estate. (Disclaimer: I wrote this post!)


Attacking and Defending Kubernetes Clusters
A guided walkthrough to help you create your own Kubernetes environment so you can take on the roles of two attacking personas looking to make some money and one defending persona working hard to keep the cluster safe and healthy.


Enumerating Docker Registries with go-pillage-registries
In order to take full advantage of compromised Docker registries, NCC Group has developed go-pillage-registries. This repository contains a tool called pilreg, which provides a pentester-focused interface for these registries. pilreg allows attackers to easily enumerate images stored in a registry in order to obtain their metadata and filesystems.


Use GitHub actions at your own risk
Classic supply chain attack: malicious code can be inserted into any GitHub Action, even those which are tagged. Instead of referencing a branch or a tag (neither is safe, since both can be moved), you could pin to a commit hash instead.
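To show what "pin to a commit hash" looks like in practice, here is a small checker, added for this issue and not taken from the linked article, that scans a workflow file for `uses:` references and flags every one that is not pinned to a full 40-character commit SHA. The sample workflow and the SHA in it are constructed placeholders, not real commits of the actions named.

```python
import re
from typing import List, Tuple

# A full 40-hex commit SHA is the only reference form that cannot be re-pointed
# later; a tag or branch can be moved by whoever controls the action repository.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")


def classify_ref(uses: str) -> str:
    """Return 'pinned', 'mutable' or 'local' for a single uses: value."""
    if uses.startswith("./"):
        return "local"  # action in the same repo, covered by that repo's own review
    if uses.startswith("docker://"):
        # Container image: only an @sha256: digest is immutable, a tag is not.
        return "pinned" if "@sha256:" in uses else "mutable"
    _, _, ref = uses.partition("@")
    return "pinned" if SHA_RE.match(ref) else "mutable"


def find_unpinned(workflow_text: str) -> List[Tuple[int, str]]:
    """(line number, uses value) for every action reference that is mutable."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "mutable":
            findings.append((lineno, m.group(1)))
    return findings


# Constructed sample workflow; the SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/lint
      - uses: some-org/some-action@main
"""

if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA")
```

Run it over `.github/workflows/*.yml` in CI to fail the build whenever a tag- or branch-pinned action sneaks in.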


preflight - Automatically perform Kubernetes configuration checks using OPA
Preflight Packages are a very thin wrapper around OPA's policies. A package is made of Rego files (OPA's high-level declarative language) and a Policy Manifest. The Policy Manifest is a YAML file intended to add metadata to the rules, so the tool can display useful information when a rule doesn't pass.


Terraform Your Deployment of Vault on Kubernetes
Learn how to get multiple Vault clusters up and running on Kubernetes in a few clicks with Terraform.


VirusTotal Graph++
VirusTotal released a set of changes and improvements to VirusTotal Graph, a tool that understands the relationships between files, URLs, domains and IP addresses and offers an easy interface to pivot and navigate over them. It also has an API.

From the cloud providers


How to centralize and automate IAM policy creation in sandbox, development, and test environments
Create a centralized and automated workflow that creates and validates AWS IAM policies for application teams working in various environments.


Enabling serverless security analytics using AWS WAF full logs, Amazon Athena, and Amazon QuickSight
Analyze AWS WAF logs and build multiple dashboards without booting up servers.


Introducing Google Cloud's Secret Manager
Secret Manager is a new Google Cloud service that provides a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.


Exploring container security: Navigate the security seas with ease in GKE v1.15
As GKE moved from v1.12 to v1.15 over the past year, here's an overview of what security changes Google made to the platform (to improve security behind the scenes), as well as advice added to the GKE hardening guide.

Copyright © 2019-present The Cloud Security Reading List.