#aws, #explain

Really interesting deep dive on the EKS Pod Identity Webhook (gives IAM roles to pods) to understand how it works, specifically for non-EKS clusters.

#aws, #explain

@__steele figured out the encoding for most AWS access key IDs, but there are some exceptions.

#aws, #explain

Article trying to shine some light on IAM, as well as some ways to enumerate it with different tools.

#aws, #attack

Real case study of how to enumerate and use IAM permissions to your advantage. It covers manually enumerating IAM policies and roles, as well as automated tools that can do it for you (part 1, part 2).

#aws, #attack

Collection of (automated) offensive attack modules defined as Infrastructure as Code (IAC).

#k8s, #opa, #build

A hands-on coding journey to implement "Policy As Code" and validate the fitness of your Kubernetes Application against the cluster policies.

#k8s, #opa, #build

How to define policies that ensure that no bad Ingress definitions will be deployed to a Kubernetes cluster.

#docker, #explain, #attack

Slides from a talk deep diving into namespaces, cgroups, capabilities, seccomp, and AppArmor/SELinux.

#azure, #defend

Mandiant study regarding an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site.

#saas, #attack

Guide containing pentest notes regarding JFrog Artifactory, useful to understand some of the attacks that can be performed against it.

#docker, #announcement

Docker open sourced the code for the Amazon ECS and Microsoft ACI Compose integrations. This is the first time that Docker has made Compose available for the cloud, allowing developers to take their Compose projects they were running locally and deploy them to the cloud by simply switching context.

#k8s, #istio, #defend

How to deploy and monitor Istio in a Kubernetes cluster to connect, secure, and configure advanced routing for microservices.

#microsoft, #build

Recently the Envoy proxy announced the Alpha version for the Windows platform! You can find the announcement here and the instructions to take part in the Windows Alpha here.

#github, #announcement, #build

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. And it is free for public repositories.

#docker, #explain, #build

Article explaining the benefits of using containers and Podman (a daemonless, open source, Linux-native tool that provides a command-line interface similar to the docker container engine), introduce rootless containers and why they are important, and then shows how to use rootless containers with Podman with an example.

#docker, #explain

First article of a four-part series covering cgroups and resource management, defining cgroups and how they help with resource management and performance tuning.

#cloudflare, #announcement, #defend

Post from Cloudflare introducing "API Shield", a free offering to secure APIs through the use of strong client certificate-based identity and strict schema-based validation.

Kubernetes utility for observing the current versions of images running in the cluster, as well as the latest available upstream. These checks get exposed as Prometheus metrics to be viewed on a dashboard, or soft alert cluster operators.

Kubei is a vulnerabilities scanning tool that allows users to get a risk assessment of their kubernetes clusters. Kubei scans all images that are being used in a Kubernetes cluster, including images of application pods and system pods.

Script to automate initial triage/enumeration on a set of AWS keys. The goal is to speed up and automate the manual steps of running AWS CLI commands to determine whether these keys in question are valid and if so what those keys have access to.

Script that allows to create on demand disposable OpenVPN endpoints on AWS.

Tool which shows which Profiles in a Salesforce instance have become desynced from an Organization in terms of password and session policies, highlighting any deviations.

kconnect is a CLI utility that can be used to discover and securely access Kubernetes clusters across multiple operating environments.

An initiative to share cloud templates and scripts to deploy network environments to simulate adversaries, generate/collect data and learn more about adversary tradecraft from a defensive perspective.

AWS launched security & access control features designed to give you even more control and flexibility over S3: Object Ownership (you can now ensure that newly created objects within a bucket have the same owner as the bucket), Bucket Owner Condition (you can now confirm the ownership of a bucket when you create a new object or perform other S3 operations), Copy API via Access Points (you can now access S3's Copy API through an Access Point).

To help better control costs and save time in investigating anomalous spend, AWS announced the launch of Cost Anomaly Detection (Preview). This blog post walks through how to enable this function.

How to use a YubiKey token for MFA with the AWS Command Line Interface (AWS CLI) to create temporary credentials with the permissions that developers need to perform tasks.

This post discusses cross-account design options and considerations for managing Amazon RDS secrets that are stored in AWS Secrets Manager.

How to create a custom permission set to get (read-only) visibility into the AWS Control Tower console, while still enforcing the principle of least privilege.

How to create isolated AWS Cloud9 environments for your developers without requiring ingress (inbound) access from the internet.

Cloud Monitoring now gives you zero-config, out-of-the-box visibility into your entire Compute Engine VM fleet, with quick access to advanced Monitoring features such as installing the Cloud Monitoring agent and configuring fleetwide alerts.

Microsoft is updating Azure services to use TLS certificates from a different set of Root Certificate Authorities (CAs). This change is being made because the current CA certificates do not comply with one of the CA/Browser Forum Baseline requirements.

A new feature was recently added to Log Analytics (the technology the underpins Azure Sentinel's log storage and query capabilities), that allows you to capture an audit log of all queries run against a workspace.

How you can audit your organization's SOC if you are using Azure Sentinel and how to get the visibility you need with regard to what activities are being performed within your Sentinel environment.

How to facilitate regulatory compliance when you migrate your Windows Server workloads to Azure.

Post describing the security capabilities of Azure Kubernetes on Azure Stack HCI (AKS-HCI), an on-premises implementation of AKS.