Release Date: 01/03/2020 | Issue: 26
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.

This week's articles


Introducing Dispatch
Netflix open-sourced their crisis management orchestration framework: Dispatch! Dispatch helps effectively manage security incidents by deeply integrating with existing tools used throughout an organization (Slack, GSuite, Jira, etc.). Dispatch leverages the existing familiarity of these tools to provide orchestration instead of introducing another tool. This means you can let Dispatch focus on creating resources, assembling participants, sending out notifications, tracking tasks, and assisting with post-incident reviews; allowing you to focus on actually fixing the issue!


What should—and shouldn’t—scare you about Kubernetes
Slides of @connorgilbert's talk at BSidesSF 2020, covering some of the basic building blocks of containerized infrastructure (with an eye toward how they affect your life, or the life of your favourite dev, ops, or security team), and then going into some of the particulars of Kubernetes and how it works today (How risky is it? How badly could this go? And how easy is it to mitigate the risk, if there is one?)


Container Security – Nobody Knows What It Means But It’s Provocative
The current understanding of "container security" as a term and market is muddled, especially given containers are used by different teams in different contexts. It could mean scanning image repositories for vulnerabilities or exposed secrets, managing credentials for container deployment, or monitoring running containers for unwanted activity. This post aims to help provide some clarity around the market for all involved.


Kubernetes log aggregation
This blog post explores what it takes to build your own Kubernetes log aggregator, using a Node.js microservice as an example.


Attacking Azure, Azure AD, and Introducing PowerZure
This article explains how certain components within Azure can be leveraged from an offensive perspective and introduces PowerZure, a project to help with offensive operations against Azure.


Azure Privilege Escalation Using Managed Identities
Managed Identities assigned to Azure VMs can be granted excessive permissions. Any process on such a VM can obtain an access token for that identity from the instance metadata endpoint without supplying credentials, so whoever gains access to the VM inherits those permissions, which can lead to privilege escalation across the subscription.


sandbox-operator
A Kubernetes operator for creating isolated environments, using segregated namespaces and RBAC for the authenticated users specified in the CRD.


Discovering anomalous patterns based on parent-child process relationships
Interesting article on detecting post-compromise anomalous patterns based on parent-child process relationships.

From the cloud providers


AWS: Continuous compliance monitoring with Chef InSpec and AWS Security Hub
This post shows how to run a Chef InSpec scan with AWS Systems Manager and Systems Manager Run Command across your managed instances. InSpec is an open-source runtime framework that lets you create human-readable profiles to define security, compliance, and policy requirements and then test your EC2 instances against those profiles. InSpec profiles can also be used to make sure certain network ports aren’t reachable, to verify that certain packages are not installed, and/or to confirm that certain processes are running on your instances.
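As an added example (not code from the AWS post or from the InSpec project), the script below writes a small InSpec profile that encodes the three kinds of checks mentioned above (ports that must not be listening, packages that must not be installed, a process that must be running) and shows how such a profile is dispatched to tagged instances with the Systems Manager document AWS-RunInspecChecks. The profile name, the tag key, and the GitHub owner/repository in the dispatch call are placeholders chosen for this illustration.

```shell
#!/usr/bin/env bash
# Added example: build an InSpec profile and dispatch it via SSM Run Command.
set -euo pipefail

# Write a minimal InSpec profile (inspec.yml + one controls file) into "$1".
write_profile() {
  local dir="$1"
  mkdir -p "$dir/controls"
  cat > "$dir/inspec.yml" <<'EOF'
name: ec2-baseline
title: EC2 host baseline (illustrative profile)
version: 0.1.0
supports:
  - platform-family: linux
EOF
  cat > "$dir/controls/baseline.rb" <<'EOF'
# Ports that must not be reachable: nothing may listen on telnet or rsh.
control 'baseline-01' do
  impact 1.0
  title 'Telnet and rsh must not be listening'
  describe port(23) do
    it { should_not be_listening }
  end
  describe port(514) do
    it { should_not be_listening }
  end
end

# Packages that must not be installed.
control 'baseline-02' do
  impact 0.7
  title 'Legacy remote-access packages are absent'
  %w(telnet rsh-server).each do |pkg|
    describe package(pkg) do
      it { should_not be_installed }
    end
  end
end

# A process that must be running: the SSM agent, so Run Command keeps working.
control 'baseline-03' do
  impact 0.5
  title 'SSM agent is running'
  describe processes('amazon-ssm-agent') do
    its('list.length') { should be > 0 }
  end
end
EOF
}

# Number of controls in the generated profile (used as a sanity check).
count_controls() {
  grep -c '^control ' "$1/controls/baseline.rb"
}

# Dispatch the profile to every instance tagged Environment=<value> using the
# AWS-managed document AWS-RunInspecChecks. Requires AWS credentials; the
# GitHub owner/repository/path are placeholders for where the profile is hosted.
dispatch_via_ssm() {
  local tag_value="$1"
  aws ssm send-command \
    --document-name "AWS-RunInspecChecks" \
    --targets "[{\"Key\":\"tag:Environment\",\"Values\":[\"$tag_value\"]}]" \
    --parameters '{"sourceType":["GitHub"],"sourceInfo":["{\"owner\":\"example-org\",\"repository\":\"inspec-profiles\",\"path\":\"ec2-baseline\",\"getOptions\":\"branch:main\"}"]}'
}

# Stand-alone run: generate the profile locally and validate it if the
# InSpec CLI happens to be installed; dispatch_via_ssm is left for the caller.
profile_dir="$(mktemp -d)/ec2-baseline"
write_profile "$profile_dir"
echo "profile written to $profile_dir with $(count_controls "$profile_dir") controls"
if command -v inspec >/dev/null 2>&1; then
  inspec check "$profile_dir"
fi
```

The document runs the profile on each targeted instance and records pass/fail per control in Systems Manager Compliance, which is what the post then forwards to Security Hub; keep the profile in source control rather than on the instances so that a compromised host cannot weaken its own checks.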


AWS: Introducing AWS Config Conformance Packs
AWS introduced an addition to Config: conformance packs. Conformance packs help you manage configuration compliance of your AWS resources at scale – from policy definition to auditing and aggregated reporting, using a common framework and packaging model.


AWS: Security Best Practices for Amazon RDS
Documentation shows you how to configure RDS to meet your security and compliance objectives.


AWS: How to improve LDAP security in AWS Directory Service with client-side LDAPS
You can now better protect your organization’s identity data by encrypting LDAP communications between AWS Directory Service products and self-managed Active Directory. Client-side secure LDAP (LDAPS) support enables applications that integrate with AWS Directory Service, such as Amazon WorkSpaces and AWS Single Sign-On, to connect to AD using Secure Sockets Layer/Transport Layer Security (SSL/TLS).


GCP: Internal HTTP(S) Load Balancers in GKE
You can now create an Internal HTTP(S) Load Balancer in GKE using Ingress.

Copyright © 2019-present The Cloud Security Reading List.