Any attacker that obtains query access to an osquery fleet can query the AWS metadata service using the curl table. This is turn allows attacker to obtain valid temporary credentials to access the AWS APIs with the instance-assigned privileges in a convenient and scalable fashion.

New CloudGoat challenge designed to simulate how an attacker can exploit an AWS environment by leveraging various security misconfigurations to become a full admin user. This walkthrough will demonstrate the reconnaissance and exploitation steps required to complete this simulation utilizing Rhino's AWS pentest framework, Pacu.

Elastic announces a new alerting framework that delivers a first-class alerting experience natively within the SIEM, Uptime, APM, and Metrics applications as part of the Kibana 7.7 release.

An overview of each service and why you should use one over the other.

Installing certificates with a wildcard on Kubernetes doesn't solve cloud security problems, it only masks them. Learn how to use HashiCorp Vault for PKI management in k8s along with JetStackHQ's cert-manager.

Stormspotter creates an "attack graph" of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident response work.

AirIAM is an AWS IAM to least privilege Terraform execution framework. It compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform that replaces the exiting IAM management method. AirIAM was created to promote immutable and version-controlled IAM management to replace today's manual and error prone methods.

Nice interactive map that shows the interconnectivity of the different AWS regions.

AWS Security Hub launched a new security standard called "AWS Foundational Security Best Practices". This standard implements security controls that detect when AWS accounts and deployed resources do not align with the security best practices.

Amazon Macie is a fully managed service that helps discover and protect sensitive data, using machine learning to automatically spot and classify it. After some negative feedback, AWS made available a new, enhanced version of Macie with a simplified pricing plan (which reduced the price by 80%).

A high-level overview of Container Threat Detection concepts and features. Container Threat Detection can detect the most common container runtime attacks and alert in Security Command Center and optionally in Cloud Logging.

Cloud Logging, and its companion tool Cloud Monitoring, are full featured products that are both deeply integrated into GKE. This blog post goes over how logging works on GKE and some best practices for log collection.

Google made a new WAF, including Cloud Armor, generally available to all customers, including features such as: geo-based access control, pre-configured WAF rules for SQLi and XSS, custom rules for Layer 7 filtering policies, and a Security Command Center integration.