In addition to EC2 user data and Lambda Functions, ECS task definitions can be a great place to pillage for hardcoded secrets. The RhinoSecurity team added two modules to Pacu, aimed to make the process of enumerating ECS simple for anyone looking to test resources in ECS.

Second post from the RhinoSecurity team. In short, an attacker can use the "cloudtrail:PutEventSelectors" API and configure the event selectors in a way that nothing besides KMS events are logged.

How to leverage the power of Kubernetes audit logs to get deep insight into your clusters. The article explains what Kubernetes audit logs are, as well as how to configure audit log collection and monitoring with Datadog.

Free course content, lab setup instructions, and documentation of a hands on training.

Interesting threads discussing how to train SOC analysts for cloud (AWS) environments: learn how it works, learn how you can break it, practice responding.

re:Invent 2018 talk which covers the different types of policies and describes how they work together to control access to resources in AWS accounts and across AWS organizations.

Nice article from OPA co-creator @tlhinrichs on the 3 most common OPA use cases.

Joint whitepaper co-authored by GitHub and HashiCorp, which discusses how HashiCorp tools and the GitHub platform work together to enable organizations to adopt a strong CI/CD workflow and increase developer velocity.

HashiCorp announced their own certifications program, starting with the "TerraformCertified" and "VaultCertified" exams.

aws-iam-authenticator is a tool that allows to use AWS IAM credentials to authenticate to a Kubernetes cluster.

AzureADLateralMovement allows to build Lateral Movement graphs for Azure Active Directory entities (Users, Computers, Groups and Roles). As a plus, it is compatible with Bloodhound.

Amazon released some advice on how to set up your multi-account structure in AWS.

AWS Security Hub has launched a new security standard: AWS Foundational Security Best Practices v1.0.0, based on CIS controls.

AWS Organizations customers can now use AWS Control Tower to manage newly created organizational units (OUs) and accounts. This allows cloud administrators and architects to set up an AWS Control Tower landing zone with an existing Organization.

You can now use AWS Config to track changes to secrets’ metadata, such as secret description and rotation configuration, relationship to other AWS sources such as the KMS Key used for secret encryption, Lambda function used for secret rotation, and attributes such as tags associated with the secrets.

IAM now makes it easier to identify who is responsible for an AWS action performed by an IAM role when viewing AWS CloudTrail logs. Adding the new service-specific condition, "sts:RoleSessionName", in an IAM policy, enables you to define the role session name that must be set when an IAM principal (user or role) or application assumes the IAM role. AWS adds the role session name to the AWS CloudTrail log when the IAM role performs an action, making it easy to determine who performed the action.

Amazon GuardDuty added support for AWS Organizations to simplify threat detection across all existing and future accounts in an organization.

The first in a series of GCP Security Blueprints. The first one covers PCI on GKE, and contains a set of Terraform configurations and scripts that demonstrate how to bootstrap a PCI environment in Google Cloud. This blueprint enables you to quickly and easily deploy workloads on GKE that align with PCI DSS in a repeatable, supported, and secure way.