Release Date: 17/05/2020 | Issue: 37
The Cloud Security Reading List is a low-volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape, hand-curated by Marco Lancini.

This week's articles


Abusing the osquery 'curl' table for pivoting into cloud environments
Any attacker that obtains query access to an osquery fleet can query the AWS metadata service using the curl table. This in turn allows the attacker to obtain valid temporary credentials to access the AWS APIs with the instance-assigned privileges in a convenient and scalable fashion.


CloudGoat AWS Scenario Walkthrough: EC2_SSRF
New CloudGoat challenge designed to simulate how an attacker can exploit an AWS environment by leveraging various security misconfigurations to become a full admin user. This walkthrough will demonstrate the reconnaissance and exploitation steps required to complete this simulation utilizing Rhino's AWS pentest framework, Pacu.


Introducing the new alerting framework for Elastic Observability, Elastic Security, and the Elastic Stack
Elastic announces a new alerting framework that delivers a first-class alerting experience natively within the SIEM, Uptime, APM, and Metrics applications as part of the Kibana 7.7 release.


Azure Policy Initiatives vs Azure Policies: When should I use one over the other?
An overview of each service and why you should use one over the other.


Securing K8s Ingress Traffic with HashiCorp Vault PKIaaS and JetStack Cert-Manager
Installing wildcard certificates on Kubernetes doesn't solve cloud security problems; it only masks them. Learn how to use HashiCorp Vault for PKI management in k8s along with JetStackHQ's cert-manager.

Tools


Stormspotter
Stormspotter creates an "attack graph" of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident response work.


AirIAM
AirIAM is an AWS IAM to least-privilege Terraform execution framework. It compiles AWS IAM usage data and leverages it to create least-privilege IAM Terraform that replaces the existing IAM management method. AirIAM was created to promote immutable and version-controlled IAM management in place of today's manual and error-prone methods.

From the cloud providers


AWS | Explore AWS Global Infrastructure
Nice interactive map that shows the interconnectivity of the different AWS regions.


AWS | AWS Foundational Security Best Practices standard now available in Security Hub
AWS Security Hub launched a new security standard called "AWS Foundational Security Best Practices". This standard implements security controls that detect when AWS accounts and deployed resources do not align with security best practices.


AWS | Enhanced Amazon Macie Now Available with Substantially Reduced Pricing
Amazon Macie is a fully managed service that helps discover and protect sensitive data, using machine learning to automatically spot and classify it. After some negative feedback, AWS made available a new, enhanced version of Macie with a simplified pricing plan (which reduced the price by 80%).


GCP | Container Threat Detection conceptual overview
A high-level overview of Container Threat Detection concepts and features. Container Threat Detection can detect the most common container runtime attacks and alert in Security Command Center and optionally in Cloud Logging.


GCP | Using logging for your apps running on Kubernetes Engine
Cloud Logging, and its companion tool Cloud Monitoring, are full-featured products that are both deeply integrated into GKE. This blog post goes over how logging works on GKE and some best practices for log collection.


GCP | New WAF capabilities in Cloud Armor for on-prem and cloud workloads
Google made new WAF capabilities in Cloud Armor generally available to all customers, including geo-based access control, pre-configured WAF rules for SQLi and XSS, custom rules for Layer 7 filtering policies, and a Security Command Center integration.

Copyright © 2019-present The Cloud Security Reading List.