Red teaming or pentesting the Google Cloud Platform? This is a very well written tutorial on privilege escalation and post exploitation tactics by GitLab.

Between September and December 2019, Unit 42 researchers periodically scanned and collected metadata from Docker hosts exposed to the internet (largely due to inadvertent user errors) and this research reveals some of the tactics and techniques used by attackers in the compromised Docker engines.

First in a multi-part series where we develop a fully customized system to automatically remediating high risk findings. The first part focuses on creating a system that automatically removes open security groups.

Really nice infographic to help you understand how the encryption & decryption process works for the 5 types of AWS S3 encryption mechanisms.

It's all about understanding the data and instead of trying to treat them all the same, handle them differently based on the environment.

Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework.

peerd is an AWS VPC Peering Connection management tool. It creates meshes of VPCs from a yaml file, and manages the full lifecycle of creation, deletion and route table updates needed to make VPC peerings useful across accounts and regions.

aws-sync-routes synchronizes the specified route from the main/default route table to all custom route tables in the VPC.

Configure SSH and use AWS SSM to connect to instances. No bastions or public-facing instances. SSH user management through IAM. No requirement to store SSH keys locally or on server.

varna is a tool that is meant to monitor AWS CloudTrail logs with support for custom rules while remaining easy to deploy and cheap to run. Varna uses Event Query Language (EQL) as its query language of choice for writing rules in.

Logquacious is an open source, fast, and simple log viewer written at Cash App. It supports reading structured log entries directly from an Elasticsearch log store.

Typically, when you protect data in S3, you use a combination of IAM policies and S3 bucket policies to control access, and you use the AWS KMS to encrypt the data. However, many customers want to extend the value of encryption beyond basic protection against unauthorized access to the storage layer where the data resides. They want to enforce a separation of duties between which team manages access to the storage layer and which team manages access to the encryption keys.

CloudFormation StackSets allows you to roll out CloudFormation stacks over multiple AWS accounts and in multiple Regions. Since the launch of AWS Organizations, you can centrally manage multiple AWS accounts across diverse business needs including billing, access control, compliance, security and resource sharing.

AWS Security Hub released updates and additions to AWS Security Finding Format (ASFF) that enable integrated Security Hub partners to send richer, more detailed findings to Security Hub.

Some advice on how to protect your Kubernetes environment, plus a breakdown of recent GKE features and resources (e.g., Shielded GKE Nodes, Workload Identity, GKE Sandbox).

This guide provides best practices to safely and efficiently set up multiple multi-tenant clusters for an enterprise organization.

Some tips on how to build more secure ELT and ETL pipelines in Cloud Data Fusion.

Manage Azure Resource Groups directly from VSCode.