Release Date: 26/11/2023 | Issue: 215
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

This Black Friday, PentesterLab offers cloud security specialists an invaluable resource to master application security.

Our platform goes beyond the basics with practical exercises in code review, SAML, OAuth2, JWT and real-world CVEs. Elevate your skills with our in-depth, hands-on labs, and stay ahead of security vulnerabilities.

Visit https://pentesterlab.com/csl to take advantage of our Black Friday specials and enhance your expertise in a critical aspect of cybersecurity with PentesterLab.

This week's articles


Attacking GitLab CI/CD via Shared Runners
An attacker who can get their malicious pipeline executing on a runner can steal information from other jobs executing on the same runner, and subsequently gain access to production systems.   #attack   #ci/cd


Building a free Burp Collaborator with Cloudflare Workers
How to build a free alternative to Burp Collaborator using Cloudflare Workers and Discord.   #build   #cloudflare


Post-exploiting a compromised etcd - Full control over the cluster and its nodes
An exploration of etcd exploitation in Kubernetes, demonstrating how compromised etcd access grants full control over clusters and nodes, emphasizing the critical need for robust etcd security measures.   #attack   #kubernetes


Reversing AWS IAM unique IDs
How to identify the ARN of a user/role from AWS IAM unique IDs, often seen in CloudTrail logs.   #aws   #explain   #iam


(Ab)using the Microsoft Identity Platform: Exploring Azure AD Token Caching
Presentation examining how JSON Web Token (JWT) caching works in corporate settings with Azure Active Directory (Azure AD) integration, including Azure AD Joined and Hybrid environments.   #attack   #azure


Okta for Red Teamers - Perimeter Edition
Post focusing on red team strategies for targeting Okta in initial access phases. It covers identifying Okta portals, setting up phishing infrastructure, evading Okta's behavioral detection, and prevention and detection recommendations for blue teams.   #attack   #saas


The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
Aqua researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.   #attack   #kubernetes


Security best practices for authors of GitHub Actions
Improve your GitHub Action's security posture by securing your source repository, protecting your maintainers, and making it easy to report security incidents.   #ci/cd   #defend

Sponsor CloudSecList in 2024

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected]

Tools


aws-firewall-factory
A solution which helps you deploy, update and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager.


serverless-registry
A Docker registry implementation running on Cloudflare Workers that uses R2 as its storage backend.


terrareg
Open source Terraform module registry with UI, optional Git integration and deep analysis.


youshallnotpass
YouShallNotPass executes administrator specified checks on CI/CD pipelines to prevent unauthorized workflows from executing commands on sensitive systems. You can also refer to the companion blog post.


awskillswitch
Lambda function that streamlines containment of an AWS account compromise.

From the cloud providers


#AWS   Amazon S3 now supports enabling S3 Object Lock on existing buckets
Amazon S3 now allows you to enable S3 Object Lock for existing buckets and to enable S3 Replication for buckets using S3 Object Lock.


#AWS   Use scalable controls for AWS services accessing your resources
Recently, IAM launched two new condition keys: "aws:SourceOrgID" and "aws:SourceOrgPaths".


#AWS   Establishing a data perimeter on AWS: Require services to be created only within expected networks
How to use preventative controls to help ensure that your resources are deployed within your VPC, so that you can effectively enforce the network perimeter controls.


#AWS   AWS IAM Identity Center now provides new APIs to automate access to applications
AWS launched new IAM Identity Center APIs to manage user assignments to supported AWS and cloud applications.


#AWS   How to use multiple instances of AWS IAM Identity Center
You can now have two types of IAM Identity Center instances: organization instances and account instances.


#GCP   Enhancing Cybersecurity with Security Command Center's Attack Path Simulations and Attack Exposure Scoring
Security Command Center (SCC) recently introduced two new features: Attack Path Simulation (APS) and Attack Exposure Scoring (AES).

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini