Release Date: 10/11/2024 | Issue: 263
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Learn Azure and on-prem Red Teaming with Black Friday Deals
Start your Red Team training with us! Altered Security offers multiple Red Team courses with affordable and enterprise-like hands-on labs. Each course comes with an industry-recognized certification. We are the creators of the Certified Red Team Professional (CRTP), CRTE, CARTP and more. Join more than 30K professionals from 130+ countries.
Enjoy Black Friday Deals on all courses and instructor-led bootcamps to be held in Q1 and Q2 2025 till 2nd December 2024. No coupon code required.

This week's articles


How to Build Smaller Container Images: Docker Multi-Stage Builds
This guide explains common sources of image bloat, best practices for slimming down production images, and practical examples for Node.js, Go, Rust, and other application stacks.   #build   #containers   #explain


Building an AppRunner on EC2 with Cloudflare Zero Trust Access
How to automate the deployment of a private AppRunner instance on AWS that hosts multiple internal apps securely behind Cloudflare's zero-trust access controls.   #aws   #build   #cloudflare


How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access
The process involves using API actions like CreateTrustAnchor and CreateProfile to facilitate the exploitation.   #attack   #aws


Artificial authentication: Understanding and observing Azure OpenAI abuse
Adversaries can compromise key material in Azure OpenAI to host malicious models, poison trained models, and steal intellectual property. Here's how they do it and what to look for in the logs.   #attack


Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond
Wiz Research looks at phishing tactics, along with how to trace and investigate these campaigns.   #attack   #defend   #monitor


Applying Test-Driven Development to Detection Engineering
This blog post aims to demonstrate how to apply a TDD workflow to detection engineering that allows to know with certainty that our detections protect us against the target threat.   #defend   #monitor   #process


Climbing The Ladder | Kubernetes Privilege Escalation
This post covers the threat of Kubernetes privilege escalation as well as the abuse potential of system pods within an attack chain, while Part 2 covers how misconfigurations in GKE System Pods could allow attackers to become cluster admin and control an entire Kubernetes cluster.   #attack   #defend   #kubernetes


Filling up the DagBag: Privilege Escalation in Google Cloud Composer
An attacker that has write access to the Cloud Composer environment's dedicated bucket can gain command execution in the Composer environment.   #attack   #gcp


The Many IP Addresses of Kubernetes
Post exploring the variety of IP addresses you're likely to see in a Kubernetes cluster, and how those tie to the operating system level.   #explain   #kubernetes

๐Ÿ“™ [The CloudSec Engineer]

The CloudSec Engineer is discounted for a limited time!
You can get a 30% discount by entering the following discount code at checkout: CYBERNOVEMBER24

Checkout the book

Tools


finch
The Finch CLI is an open source client for container development.


safer-scps
Safer AWS SCP deployments via real-time error monitoring.


hyperlight
Hyperlight is a lightweight Virtual Machine Manager (VMM) designed to be embedded within applications. You can also refer to the companion blog post.


bucket-shield
A tool designed to simulate and detect numerous actions that can disrupt the flow of AWS CloudTrail logs to their configured S3 Buckets. You can also refer to the [companion blog post](https://permiso.io/blog/bucketshield-track-log-flow-secure-buckets-simulate-threats.

From the cloud providers


#AWS   Amazon Inspector suppression rules best practices for AWS Organizations
How to apply tags to resources so that you can use risk-based prioritization of Amazon Inspector findings in your environment.


#AWS   Unauthorized tactic spotlight: Initial access through a third-party identity provider
Some of the recent techniques used by threat actors that leverage specific customer configurations or design to make unauthorized use of resources within an AWS account.


#AWS   Implement effective data authorization mechanisms to secure your data used in generative AI applications
Post walking through the risks associated with using sensitive data as part of fine-tuning for FMs, retrieval augmented generation (RAG), AI agents, and tooling with generative AI workloads.


#GCP   Mandatory MFA is coming to Google Cloud. Here's what you need to know
Starting in 2025, Google will require users to use MFA when accessing Google Cloud.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini