This week's articles
Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed
Between September and December 2019, Unit 42 researchers periodically scanned and collected metadata from Docker hosts exposed to the internet (largely due to inadvertent user errors). This research reveals some of the tactics and techniques used by attackers in the compromised Docker engines.
AWS Automated Remediation - Part 1: Security Groups
First in a multi-part series where we develop a fully customized system to automatically remediate high-risk findings. The first part focuses on creating a system that automatically removes open security groups.
sentinel-attack
Repository of Sentinel alerts and hunting queries leveraging Sysmon and the MITRE ATT&CK framework.
peerd
peerd is an AWS VPC Peering Connection management tool. It creates meshes of VPCs from a YAML file, and manages the full lifecycle of creation, deletion and route table updates needed to make VPC peerings useful across accounts and regions.
SSH over AWS SSM
Configure SSH and use AWS SSM to connect to instances. No bastions or public-facing instances. SSH user management through IAM. No requirement to store SSH keys locally or on server.
Logquacious (lq)
Logquacious is an open source, fast, and simple log viewer written at Cash App. It supports reading structured log entries directly from an Elasticsearch log store.