Free online course on Rego policy authoring which teaches how to enforce authorization policy across your cloud-native stack.

NIST released their view on Zero-Trust Architecture, with a document containing an abstract definition of zero trust architecture (ZTA), and giving general deployment models and use cases where zero trust could improve an enterprise's overall information technology security posture.

Article taking a closer look on the anatomy of the AWS Lambda functions and the processes that are happening below the surface. If you are not super-familiar with Lambda, I highly recommend this post which provides a very well-thought introduction.

Post explaining how the Simply Business team runs Terraform within AWS ECS tasks to overcome some issues they've encountered with Terraform's state file locking. The solution is to check for the status of running ECS tasks and recently exited tasks. If no tasks related to the same project are found, a Terraform action (plan or apply) can be executed.

The Cash App team explaining how the ability to deterministically load balance requests with Istio helped them to greatly improve performance and stability for one of their unusual services.

How to detect if an attacker is abusing temporary credentials in your AWS accounts using Splunk.

How to abuse Connection Tracking in AWS to persist connections on a host, even when a more restrictive security group is put in place as a result of incident response.

Lessons learned from an incident resulting in a degraded state of availability for GitHub.com. In this case, a container was configured with an "ImagePullPolicy" of "Always", which instructed Kubernetes to fetch a new container image every time. However, due to a routine DNS maintenance operation that had been completed earlier, clusters were unable to successfully reach the registry resulting in Pods failing to start.

Very interesting new managed IAM policy named "AWSCompromisedKeyQuarantine". As pointed out by Scott Piper, it looks like the same policy has been applied to folks that ended up with an access key on Github.

Useful thread from Kinnaird, regarding the $80 million fine from the Capital One Breach. The best section for me: "Many orgs will put a lot of thought into the privileges behind their user roles, but not nearly enough behind their machine roles".

Walkthrough using Cloudflare Access and Argo Tunnel to add a zero trust security layer to GitLab.

How to transparently automate image scanning on every push to a Harbor registry.

A great 101 on getting started with etcd, from the Alibaba team.

eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. This new website aims to be a hub for documentation, tutorials, reference guides, and more.

Cloudkeeper is a standalone CLI tool that periodically collects a list of resources in cloud accounts, provides metrics about them, and can clean them up.

Open source application to instantly remediate common security issues through the use of AWS Config.

It is now possible to trigger on-demand Azure policy compliance evaluations from GitHub workflows.

k8s-snapshots creates and expires snapshots according to annotations to your PersistentVolume or PersistentVolumeClaim resources.

Debugging tool for Kubernetes which tests and displays connectivity between nodes in the cluster. It runs as a DaemonSet on Kubernetes and produces Prometheus metrics that can be scraped, visualised and alerted on.

Container bundling some cluster-internal K8s DoS attacks, that can be used to demonstrate resource exhaustion from within a Kubernetes cluster.

How to build a golden Windows operating system image that follows the Security Technical Implementation Guides (STIGs) compliance guidelines using Amazon EC2 Image Builder.

How to use AWS Lambda to automate PCI DSS (v3.2.1) evidence generation, and daily log review to assist with your ongoing PCI DSS activities.

You can now govern the VPC settings for your Lambda functions using IAM condition keys. Using these condition keys, you can enforce that users only deploy functions that are connected to a VPC.

IAM Recommender is now generally available to provide in-context and actionable changes to IAM policies that move your project towards least privilege.

Best practices providing specific, informed guidance on helping secure Google Cloud deployments and describing recommended configurations, architectures, suggested settings, and other operational advice.

Series of blog posts covering some cloud-native technologies you can use to detect security threats and alert on logs in Google Cloud. The end result is an end-to-end logs-based security alerting pipeline in GCP.

When it comes to building Docker images for Java applications, Jib can turn any Java app into a space-efficient, optimized container image. Google has now introduced the Jib Plugin Extension Framework, which allows you to tweak every aspect of the image you want to build.

How to use Azure Sentinel to monitor your AKS clusters for security incidents, with a particular focus on the following detection sources that you can integrate into Sentinel: Azure Security Center (ASC) AKS threat protection, Azure Diagnostics logs, Third party tool alert integration.

How to create an AWS Lambda function running PowerShell to ingest data into Azure Sentinel.

Data encryption with customer-managed keys for Azure Database for MySQL enables you to bring your own key (BYOK) for data protection at rest.