This week's articles
DevOps Tools Targeted for Cryptojacking
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.
#attack
#defend
#hashicorp
CloudTrail Logging Evasion: Where Policy Size Matters
Permiso uncovered a subtle yet critical logging evasion vulnerability within AWS environments - mainly the differing size limitations of individual AWS CloudTrail logs versus the actual content being logged. By exploiting whitespace and other syntactic quirks, an attacker can create valid IAM policies that effectively bypass CloudTrail logging.
#attack
#aws
#iam
Azure Arc - C2aaS
Post exploring Azure Arc's overlooked C2aaS potential: attacking and defending against its usage and exploring use cases for Red Teams.
#attack
#azure
#defend
|