Release Date: 26/05/2024 | Issue: 239
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Free AWS Skillsbuilder access and a CNAPP for $99/mo? Miracles do happen
Did you know there are more than 350 AWS services? Yeah, even Eric Brandwine, VP Distinguished Engineer at AWS, can't tell you about all of them.
While you may not be as amazing an engineer as Eric, we've got your back in your learning journey and certification path on AWS.
Our head of dev marketing went out and dropped some coin on hundreds of AWS skillsbuilder licenses for you. Put them to good use!
Get your free AWS skillsbuilder license

This week's articles


Passwordless Authentication Series
Palantir went passwordless across their company, including corporate and production environments. They documented their journey: part 1, part 2.   #defend   #strategy


Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 2
To prevent abuse of the Snapshot Creation, Instance Creation and Instance Deletion features within cloud environments, security teams and cyber-defenders must ensure that proper monitoring and logging services are enabled across all cloud providers they utilize.   #aws   #azure   #defend


Stop Recommending JWTs (with symmetric keys)
It's difficult to unconditionally recommend Symmetric key JWTs today, given the current state of documentation and the overwhelming evidence that developers copy/paste default symmetric keys.   #build


The Best Way to Start with AWS Security Hub
AWS Security Hub is an awesome tool for creating a native, organization-wide security feed. Learn how to set it up right from the start, for the lowest cost.   #aws   #build   #monitor


AWS Cloud Incident Analysis Query Cheatsheet
A cheatsheet for analyzing AWS cloud incidents using CloudTrail with AWS Athena.   #aws   #explain   #monitor


Utilizing Generative AI and LLMs to Automate Detection Writing
An experiment in building a solution to eliminate the toil involved in detection engineering, going from a threat idea to a finished detection or analytic.   #build   #monitor


Code signing with HashiCorp Vault and GitHub Actions
How to use HashiCorp Vault as a trusted CA for issuing short-lived code signing certificates within a GitHub Actions workflow.   #ci/cd   #vault


Tactical Cloud Audit Log Analysis with DuckDB
Using DuckDB to query Cloud Provider audit logs when you don't have a SIEM available.   #aws   #monitor

Tools


AWS Controllers for Kubernetes
AWS Controllers for Kubernetes (ACK) lets you define and use AWS service resources directly from Kubernetes.


kail
Kubernetes tail. Streams logs from all containers of all matched pods.


prel
An application that temporarily assigns Google Cloud IAM Roles and includes an approval process.


ZAP now has gRPC support
ZAP introduced a new add-on designed to streamline the process of testing gRPC endpoints and handling Protobuf messages.

From the cloud providers


#AWS   Optimize AWS event and log collection using common design patterns
Some common approaches for collecting data from multiple AWS services across your organization, including common patterns with code samples that you can reuse to consume the data.


#AWS   How to implement single-user secret rotation using Amazon RDS admin credentials
How to implement a modified alternating-user solution that uses Amazon RDS admin user credentials to rotate database credentials while not creating an identical _clone user.


#GCP   Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets
Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches.


#GCP   How to strengthen supply chain security with GKE Security Posture
To provide built-in and centralized visibility into your applications, GCP is introducing software supply chain security insights for GKE workloads in the GKE Security Posture dashboard.


#AZURE   Public preview: Azure Web Application Firewall (WAF) integration in Microsoft Copilot for Security
Increase your security posture and receive an analysis of the top Azure WAF rules triggered, top offending IPs in the environment, SQL injection and Cross-site scripting attacks blocked by WAF, along with natural language explanation of the analysis.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini