This week's articles
Privilege Escalation in Google Cloud Platform
Similar to what they did for AWS in the past, this blog post from the RhinoSecurity team aims to provide a reference for privilege escalation techniques, this time for Google Cloud Platform (there is also a part 2, which covers non-IAM related methods). If you are not interested in the details of each privilege escalation, consider jumping straight to the new privilege escalation scanner.
Secure your team's code with code scanning and secret scanning
Code scanning is now available as a GitHub-native experience. With code scanning enabled, every 'git push' is scanned for potential new security vulnerabilities, and the results are displayed directly in the pull request. Secret scanning is also now available for private repositories.
How to monitor OPA Gatekeeper with Prometheus metrics
If you have deployed OPA Gatekeeper, monitoring this admission controller matters as much as monitoring the rest of the Kubernetes control plane components. If the webhook breaks, Kubernetes won't admit new pods into your cluster (assuming its failurePolicy is set to Fail; with Ignore, a broken webhook instead lets pods through unchecked), and if it is slow, every admission request waits on it and your cluster's scaling performance degrades.
Monitor and Notify on AWS Account Root User Activity and Other Security Metrics
Organizations usually end up piping all cloud API logs to a SIEM (Elasticsearch, Splunk, etc.) and creating alerts based on user and service activity, but what about personal accounts? This article shares a monitoring setup "on a budget" for use in a personal AWS account. The companion GitHub repo provides a Terraform module that creates a multi-region Trail, connects it to a CloudWatch Log Group, and defines a number of metric filters and CloudWatch alarms that send SNS notifications for sensitive actions such as root-user activity.
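The root-user alert in such a setup is a CloudWatch Logs metric filter over the CloudTrail events delivered to the log group. The following is an added example (not code from the article or its companion repo) that applies the same predicate in Python to a handful of constructed CloudTrail records, so you can see exactly which events trip the alert and which do not: a root console login fires, while a root call invoked by an AWS service on the account's behalf and an AwsServiceEvent do not. The sample records and timestamps are made up for illustration.

```python
"""Flag AWS root-user API activity in CloudTrail records.

Added example, not code from the article or its Terraform module. The
predicate mirrors the CloudWatch Logs metric filter pattern commonly used
for root usage:
  { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS
    && $.eventType != "AwsServiceEvent" }
Each input line is one CloudTrail record, as CloudWatch Logs presents them.
"""
import json

# Constructed sample CloudTrail records (not real account data).
SAMPLE_EVENTS = [
    # Root signed in to the console: should alert.
    json.dumps({"eventVersion": "1.08", "eventTime": "2020-10-01T10:00:00Z",
                "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
                "userIdentity": {"type": "Root", "accountId": "123456789012"},
                "sourceIPAddress": "198.51.100.7"}),
    # Ordinary IAM user activity: not root.
    json.dumps({"eventVersion": "1.08", "eventTime": "2020-10-01T10:05:00Z",
                "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
                "userIdentity": {"type": "IAMUser", "userName": "alice",
                                 "accountId": "123456789012"},
                "sourceIPAddress": "198.51.100.7"}),
    # Root identity but invoked by an AWS service on the account's behalf.
    json.dumps({"eventVersion": "1.08", "eventTime": "2020-10-01T10:06:00Z",
                "eventSource": "s3.amazonaws.com", "eventName": "PutObject",
                "userIdentity": {"type": "Root", "accountId": "123456789012",
                                 "invokedBy": "cloudformation.amazonaws.com"},
                "sourceIPAddress": "cloudformation.amazonaws.com"}),
    # Service event attributed to root: excluded by eventType.
    json.dumps({"eventVersion": "1.08", "eventTime": "2020-10-01T10:07:00Z",
                "eventType": "AwsServiceEvent",
                "eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey",
                "userIdentity": {"type": "Root", "accountId": "123456789012"},
                "sourceIPAddress": "AWS Internal"}),
]


def is_root_activity(event: dict) -> bool:
    """True when a record represents a human (or credential-holder) acting as root."""
    identity = event.get("userIdentity", {})
    return (identity.get("type") == "Root"
            and "invokedBy" not in identity
            and event.get("eventType") != "AwsServiceEvent")


def find_root_activity(lines):
    """Return (eventTime, eventName, sourceIPAddress) for each matching record.

    Malformed lines are skipped rather than aborting the scan, which is what
    you want when tailing a log stream.
    """
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_root_activity(event):
            hits.append((event.get("eventTime"), event.get("eventName"),
                         event.get("sourceIPAddress")))
    return hits


if __name__ == "__main__":
    for when, name, ip in find_root_activity(SAMPLE_EVENTS):
        print(f"ROOT ACTIVITY {when} {name} from {ip}")
```

The `invokedBy` and `eventType` exclusions matter: without them, routine service-initiated calls in an account that has ever used root will page you constantly, and the alert gets muted.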
aws-vault Vulnerable to DNS Rebinding Attacks
aws-vault's EC2 metadata service proxy is vulnerable to DNS rebinding attacks: if you have the server running on localhost, a web page you visit can point a hostname it controls at 127.0.0.1 after the browser's same-origin check has passed, and then read the AWS credentials the proxy serves. Rebinding cannot change the Host header the browser sends, so a local server that answers only when Host names itself is the usual defense; until the proxy enforces that, do not leave it running while you browse.
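To make the defense concrete, here is an added example (mine, not aws-vault's code) of a Host-header allowlist in front of a minimal localhost credential endpoint. The listen port and the set of accepted host names are hypothetical; the point is that a request rebound from attacker.example arrives with `Host: attacker.example:9099` and is refused, while the same request from the expected address is served.

```python
"""Host-header allowlist as a DNS rebinding defense for a localhost server.

Added illustration, not aws-vault's implementation. In a DNS rebinding attack
the page fetches http://attacker.example:PORT/..., the attacker's DNS answer
flips to 127.0.0.1, and the request reaches the local server still carrying
Host: attacker.example:PORT. A server that only answers when Host names
itself turns the rebound request into a 403.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical values for the example; a real proxy binds whatever it binds.
ALLOWED_HOSTS = {"127.0.0.1", "localhost", "169.254.169.254"}
LISTEN_PORT = 9099


def host_is_allowed(host_header, port=LISTEN_PORT):
    """Return True only if the Host header names this server on its own port.

    Accepts "host" and "host:port". IPv6 literals ("[::1]:9099") are parsed
    but not in the allowlist, because this server does not bind them.
    """
    if not host_header:
        return False
    value = host_header.strip().lower()
    if value.startswith("["):                     # [ipv6]:port form
        end = value.find("]")
        if end == -1:
            return False
        hostname, rest = value[1:end], value[end + 1:]
    else:
        hostname, sep, rest = value.partition(":")
        rest = sep + rest
    if rest:                                      # optional ":port"
        if not rest.startswith(":") or not rest[1:].isdigit():
            return False
        if int(rest[1:]) != port:
            return False
    return hostname in ALLOWED_HOSTS


class CredentialHandler(BaseHTTPRequestHandler):
    """Stand-in for a metadata-style endpoint that hands out credentials."""

    def do_GET(self):
        if not host_is_allowed(self.headers.get("Host")):
            self.send_response(403)
            self.end_headers()
            self.wfile.write(b"forbidden: unexpected Host header\n")
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        # Placeholder body; a real proxy would return temporary credentials.
        self.wfile.write(b'{"Code": "Success"}\n')


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", LISTEN_PORT), CredentialHandler).serve_forever()
```

Checking the port as well as the name closes the gap where a server listens on several ports; matching on the exact bound address rather than a suffix avoids tricks like `127.0.0.1.attacker.example`.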