This week's articles
Incident Response in the Cloud
Blog post walking through each phase you may encounter in a traditional incident response process and highlighting the differences introduced by cloud computing.
AWS Lambda abuse
Introduction to AWS Lambda in the context of DDoS attacks, outlining strategies that could be used to mitigate the impact of those attacks and create fail-safe serverless applications.
Azure File Shares for Pentesters
Azure services can be a handy way to bypass outbound domain filters/restrictions during assessments. Microsoft-hosted Azure file shares can be used, just like traditional on-prem SMB shares, to run tools and exfiltrate data.
Kubernetes CVE-2020-8559: Privilege escalation from compromised node to cluster
If an attacker is able to intercept certain requests to the Kubelet, they can send a redirect response that may be followed by a client using the credentials from the original request. This can lead to compromise of other nodes. You are only affected by this vulnerability if you treat the node as a security boundary, or if clusters share certificate authorities and authentication credentials.