This week's articles
EKS Pod Identity Webhook Deep-Dive
#aws, #explain
Really interesting deep dive on the EKS Pod Identity Webhook (gives IAM roles to pods) to understand how it works, specifically for non-EKS clusters.
Detecting Microsoft 365 and Azure Active Directory Backdoors
#azure, #defend
Mandiant study on an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their M365 credentials into a phishing site.
Artifactory Hacking guide
#saas, #attack
Guide containing pentest notes regarding JFrog Artifactory, useful to understand some of the attacks that can be performed against it.
Envoy Proxy on Windows Containers
#microsoft, #build
Recently the Envoy proxy announced the Alpha version for the Windows platform! You can find the announcement here and the instructions to take part in the Windows Alpha here.
Rootless containers with Podman: The basics
#docker, #explain, #build
Article explaining the benefits of using containers and Podman (a daemonless, open source, Linux-native tool that provides a command-line interface similar to the Docker container engine), introducing rootless containers and why they are important, and then showing how to use rootless containers with Podman through an example.
A Linux sysadmin's introduction to cgroups
#docker, #explain
First article of a four-part series covering cgroups and resource management, defining cgroups and how they help with resource management and performance tuning.
Introducing API Shield
#cloudflare, #announcement, #defend
Post from Cloudflare introducing "API Shield", a free offering to secure APIs through the use of strong client certificate-based identity and strict schema-based validation.
Tools
version-checker
Kubernetes utility for observing the current versions of images running in the cluster, as well as the latest available upstream. These checks are exposed as Prometheus metrics, to be viewed on a dashboard or used to soft-alert cluster operators.
Kubei
Kubei is a vulnerability scanning tool that allows users to get a risk assessment of their Kubernetes clusters. Kubei scans all images that are being used in a Kubernetes cluster, including images of application pods and system pods.
aws_key_triage_tool
Script to automate initial triage/enumeration on a set of AWS keys. The goal is to speed up and automate the manual steps of running AWS CLI commands to determine whether the keys in question are valid and, if so, what they have access to.
autovpn
Script for creating on-demand, disposable OpenVPN endpoints on AWS.
SFPolDevChk
Tool which shows which Profiles in a Salesforce instance have become desynced from an Organization in terms of password and session policies, highlighting any deviations.
kconnect
kconnect is a CLI utility that can be used to discover and securely access Kubernetes clusters across multiple operating environments.
SimuLand
An initiative to share cloud templates and scripts to deploy network environments to simulate adversaries, generate/collect data and learn more about adversary tradecraft from a defensive perspective.
|
|
From the cloud providers
Amazon S3 Update - Three New Security & Access Control Features
AWS launched security & access control features designed to give you even more control and flexibility over S3: Object Ownership (you can now ensure that newly created objects within a bucket have the same owner as the bucket), Bucket Owner Condition (you can now confirm the ownership of a bucket when you create a new object or perform other S3 operations), Copy API via Access Points (you can now access S3's Copy API through an Access Point).
Azure TLS certificate changes
Microsoft is updating Azure services to use TLS certificates from a different set of Root Certificate Authorities (CAs). This change is being made because the current CA certificates do not comply with one of the CA/Browser Forum Baseline requirements.
Auditing Azure Sentinel activities
How you can audit your organization's SOC if you are using Azure Sentinel and how to get the visibility you need with regard to what activities are being performed within your Sentinel environment.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco