Release Date: 30/08/2020 | Issue: 52
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

This week's articles

Design Considerations at the Edge of the ServiceMesh
Article presenting a set of design patterns around inbound and outbound traffic to and from a service mesh.

Providing mTLS Identities to Lambdas
Writeup on how Square added support for mutual TLS calls from AWS Lambda into their data center.

MITRE Shield
MITRE released the Active Defense Matrix, a set of tactics and techniques defenders can use to deny a contested area to an adversary.

A Practitioner's Guide to Using HashiCorp Terraform Cloud with GitHub
Guide illustrating the various approaches to configure a continuous integration and continuous delivery (CI/CD) workflow using GitHub and Terraform Cloud to address the challenges of DevOps environments.

The power of orchestration: how we automated enrichments for AWS alerts
How the Expel team automated enrichments for AWS alerts, with this blog sharing their approach to developing AWS enrichments and the implementation of the enrichment workflow process.

Building a SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
When putting together a SIEM, one of the first things that you need to decide on is the distributed architecture you are going to choose. This means analyzing the resources available, as well as the needs of your SOC.

Lateral Movement in Azure App Services
Blog which tries to answer the question: what are the next steps once you find a vulnerability in an Azure App Services application?

Azure AD Pass The Certificate
Post explaining what NegoEx and PKU2U are, what a P2P certificate is, and how to use those to gain access to Azure AD machines.

Deconstructing Kubernetes Networking
Second post in a series focused on "Deconstructing Kubernetes", which describes how to set up an extremely basic Kubernetes cluster. As soon as you move beyond one node, you'll have to deal with container networking across hosts, which involves a lot of intricacies. As a result, this posts gives some insights on Kubernetes networking.

Configure RBAC in Kubernetes Like a Boss
Introductory post on how to configure RBAC in Kubernetes.

How to monitor etcd
Learn what etcd is, and what you should be monitoring for to ensure your services perform as expected.

A Tale of Escaping a Hardened Docker container
A tale of an escape out of a docker container by circumventing an ad-hoc reverse proxy that was supposed to prevent abuse of "docker.sock" file exposure.

Using Amazon Cognito JWT tokens to authenticate with an Amazon HTTP API
How to create an Amazon Cognito User Pool with a test user and authenticate to an HTTP API (backed by API Gateway) using a JWT token issued by Cognito.


Quick way to get started with testing out Microsoft's security products, using a lab built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC).

Bring AWS SSO-based credentials to the AWS SDKs until they have proper support.

kube-prometheus is a repository collecting Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring using the Prometheus Operator.

CLI tool for linting and testing Helm charts.

Event driven architecture for antivirus file scanning for Amazon S3 buckets.

Tunshell is a simple and secure method to remote shell into ephemeral environments such as deployment pipelines or serverless functions.

SpaceSiren is a honey token manager and alert system for AWS.

From the cloud providers

AWS Icon  Amazon EKS now supports EC2 Instance Metadata Service v2
EKS now supports containerized applications that require access to EC2 instance metadata using the IMDSv2 format. IMDSv2 is an enhancement to instance metadata access that requires session-oriented requests to add defense in depth against unauthorized metadata access.

AWS Icon  Log your VPC DNS queries with Route 53 Resolver Query Logs
Route 53 has launched a new feature called Route 53 Resolver Query Logs, which allows to log all DNS queries made by resources within a VPC.

GCP Icon  How to limit public IPs on Google Cloud
Public IPs have always been an easy attack surface, but GCP just released a new feature that lets you use Org Policies to limit IP creation.

Azure Icon  Become an Azure Security Center Ninja
Curation of many Azure Security Center (ASC) resources, organized in a format that can help you to go from absolutely no knowledge in ASC, to design and implement different scenarios. You can use this blog post as a training roadmap to learn more about Azure Security Center.

Azure Icon  Become an Azure Sentinel Ninja: The complete level 400 training
Collection of resources that walks you through the Azure Sentinel level 400 training and help you become more proficient with Azure Sentinel.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.