Another very interesting post from the Netflix team detailing their approach and lessons learned in creating their data efficiency dashboard, which serves as a single source of truth for cost and usage trends for Netflix's data users.

Blog post walking through each phase you may encounter in a traditional incident response process and highlighting the differences introduced by cloud computing.

Nice mindmap from the Expel team, mapping ATT&CK cloud matrix techniques and common API calls used by redteams and attackers.

Collection of resources useful to get up to speed with AWS (happy to see CloudSecList mentioned!)

Introduction to AWS Lambda in the context of DDoS attacks, outlining strategies that could be used to mitigate the impact of those attacks and create fail-safe serverless applications.

First post in a series showing container breakout techniques. The first post is about how to escape out of a container with access to the root directory of the host.

Running any code in Windows Server Containers should be considered as dangerous as running admin on the host. These containers are not designed for sandboxing (as confirmed by Microsoft), and escapes are easy to perform.

How an attacker can leverage a compromised target to generate AzureAD tokens to reuse offline without knowing the credentials.

Azure services can be a handy way to bypass outbound domain filters/restrictions during assessments. Microsoft-hosted Azure file shares can be used, just like traditional on-prem SMB shares, to run tools and exfiltrate data.

If an attacker is able to intercept certain requests to the Kubelet, they can send a redirect response that may be followed by a client using the credentials from the original request. This can lead to compromise of other nodes. You are only affected by this vulnerability if you treat the node as a security boundary, or if clusters share certificate authorities and authentication credentials.

PowerZure is a PowerShell project created to assess and exploit resources within Azure

Highlights of the updates to the information in the Security Pillar whitepaper of the Well-Architected Framework, with an explanation of the new best practices and guidance.

How to use a custom AWS Lambda function and Amazon CloudWatch to implement automatic drift remediation and return resources created in a CloudFormation stack to compliance with the stack template.

How to use Amazon S3 Inventory, Amazon Athena, and Amazon S3 Batch Operations to provide insights on the encryption status of objects in S3 and to remediate incorrectly encrypted objects in a scalable, resilient, and cost-effective way.

Amazon and HashiCorp introduced the developer preview of the Cloud Development Kit for Terraform (cdktf), that lets you define application infrastructure with familiar programming languages, while leveraging the providers and module definitions provided by Terraform. The CDK for Terraform preview is initially available in TypeScript and Python, with other languages planned in the future.

How to monitor your root CA and generate a security finding in Security Hub if your root is used to issue a certificate.

How to deploy a solution that will provide a fully automated dashboard for AWS Web Application Firewall (WAF) service. The solution uses logs generated and collected by AWS WAF, and displays them in a user-friendly dashboard.

AWS Secrets Manager now allows to search secrets based on attributes such as secret name, description, tag keys, and tag values.

Confidential Computing is a breakthrough technology which encrypts data in-use—while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).

Google introduced Assured Workloads for Government, a new product that simplifies the compliance configuration process and provides seamless platform compatibility between government and commercial cloud environments.

GoogleCloudNext landing page with dozens of GCP reference architectures (smart home devices, rendering, gaming backends, distributed tracing, etc.).

Walk through of the different factors that should be considered when exposing applications on GKE, explain how they impact application exposure, and highlight which networking solutions each requirement will drive you toward.

Post covering the basics of VPC Service Controls and how they can be used to mitigate data exfiltration risks in Google Cloud Platform.

One underappreciated feature of Cloud Asset Inventory are feeds, which monitor resource and policy changes in real-time via a stream of events published to PubSub queues.

Microsoft announced the preview of extending advanced threat protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API, helping to protect data stored in file shares and data stores designed for enterprise big data analytics.