Release Date: 19/01/2025 | Issue: 271
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Behavioral Cloud IOCs: Examples and Detection Techniques
Discover how Behavioral Cloud IOCs can expose malicious activity as Wiz breaks down real-world examples to reveal actionable detection techniques.   #attack   #defend   #monitor


Millions of Accounts Vulnerable due to Google's OAuth Flaw
Without immutable identifiers for users and workspaces, domain ownership changes will continue to compromise accounts.   #attack   #gsuite


Intune Attack Paths - Part 1
Part 1 of an Intune Attack Paths series, discussing the fundamental components and mechanics of Intune that lead to the emergence of attack paths.   #attack   #azure


Securing Grafana on Kubernetes
A step-by-step guide to secure a Grafana deployment on Kubernetes using Google Cloud Identity-Aware Proxy (GCP IAP), Gateway API, and Terraform.   #build   #gcp   #kubernetes   #terraform


Terraform S3 Backend Setup: Skip the Table
It is now possible to remove DynamoDB as a dependency, and streamline your S3 backend setup.   #aws   #build   #terraform


Adrift in the Cloud: A Forensic Dive into Container Drift
Post explaining how to analyze container drift from a forensics perspective, with a focus on OverlayFS.   #containers   #explain   #monitor


How to bypass honeypots in AWS
This post suggests a way to detect and avoid honeypots set up for access key IDs in an AWS environment.   #attack   #aws


Register Yubikeys on behalf of your users with Microsoft Entra ID FIDO2 provisioning APIs
This article explains how to use Microsoft Entra ID FIDO2 Provisioning APIs to register YubiKeys on behalf of users. It covers the process, required permissions, and provides code examples for implementing this functionality in applications.   #azure   #build   #iam

Sponsor

Join Chainguard on Tuesday, January 21 for a hands-on virtual workshop Using Chainguard’s Static Images with Compiled Languages. Learn how to create hardened, minimal container images for compiled languages like Go, Rust, and C. We’ll cover migrating Dockerfile builds to Chainguard Images, reducing image size and CVEs, and advanced techniques for debugging and producing truly minimal images.
Reserve your spot and start building secure, minimal images today!

Tools


gram
Klarna's own threat model diagramming tool.


CF-Hero
A reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications.


TokenSmith
TokenSmith generates Entra ID access & refresh tokens on offensive engagements.


uv
An extremely fast Python package and project manager, written in Rust.

From the cloud providers


#AWS   How to implement IAM policy checks with Visual Studio Code and IAM Access Analyzer
How you can integrate IAM Access Analyzer custom policy check capability into VS Code, so you can identify overly permissive IAM policies and fine-tune access controls early in the development process.


#AWS   Preventing unintended encryption of Amazon S3 objects
Four security best practices to protect against the risk of bad actors using SSE-C to encrypt data by using lost or stolen AWS credentials.


#AWS   How to monitor, optimize, and secure Amazon Cognito machine-to-machine authorization
Post exploring strategies to help monitor, optimize, and secure Amazon Cognito M2M authorization.


#AWS   Effortlessly execute AWS CLI commands using natural language with Amazon Q Developer
A step-by-step tutorial on creating a static website using AWS services via the command line, leveraging Amazon Q Developer to translate natural language prompts into executable commands.

Sponsor CloudSecList in 2025

If you want to get your product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at:
🔗 cloudseclist.com/sponsor

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present CloudSecList · Marco Lancini