NCC Group put together an "Extended" AWS Security Ramp-Up Guide, compiling some of the public resources they've found most helpful.

Another good blog from the RhinoSecurity team, which focuses on a feature of Google Cloud Build that might allow for IAM privilege escalation in certain scenarios.

Part 1 in a series describing what the HelloFresh team learned from running Istio in production.

A few months ago AWS released the ability to add IAM permissions to pods. This article analyzes the AWS implementation, along with some comments on what the author believe they did right and what they did wrong.

How to set up Azure Access Directory Pod Identities inside your cluster. Covering concepts behind AAD Pod Identity, security, and deployment steps.

This article briefly presents Azure AD and explores the different attacking paths this new cloud environment offers to pentesters and red teamers.

Tale from an incident involving the use of compromised AWS access keys, covering how the problem was identified, what was observed, and the lessons learned along the way.

This is really useful: learn how the RAFT protocol (used by etcd, Consul, etc.) works with this interactive walk-through.

Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI/CD pipeline.

HashiCorp announced the preview release of the Terraform Foundational Policies Library. The repository contains a library of Sentinel policies, developed by HashiCorp, that can be consumed directly within the Terraform Cloud platform.

NCC released ScoutSuite 5.8.0 on Github, with improved support for AWS (KMS, Secrets Manager), Azure (App Service Web Apps, Security Center), GCP, and OCI.

Amazon Elastic Kubernetes Service (EKS) managed node groups now allow fully private cluster networking by ensuring that only private IP addresses are assigned to EC2 instances managed by EKS.

You can use AWS Firewall Manager to centrally configure and manage VPC security groups across all your AWS accounts. This post will take you through the step-by-step instructions to apply common security group rules, audit your security groups, and detect unused and redundant rules in your security groups across your AWS environment.

Whitepaper: Learn how to meet security requirements, regardless of where data is stored.

Google made Unified Extensible Firmware Interface (UEFI) and Shielded VMs the default for everyone using Google Compute Engine, at no additional charge.

Secret Manager is a generally available centralized secrets management solution hosted on Google Cloud. This post looks at some popular third-party tools and services, and shows you how Secret Manager can help create, manage, and access secrets in those systems.