Release Date: 25/10/2020 | Issue: 60
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


This week's articles

Introducing   #aws, #gcp, #azure, #k8s, #explain is a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand-curated by myself.

Enumerate AWS API Permissions Without Logging to CloudTrail   #aws, #attack
Technical writeup for a bug found in the AWS API that allows enumerating certain permissions for a role without logging to CloudTrail. It affects 645 different API actions across 40 different AWS services. There is also a companion GitHub repo with tooling.

Detecting abuse in the AWS control plane in an actionable way using Det{R}ails   #aws, #defend
Blog introducing Det{R}ails (CloudTrail in Details), a tool built on top of the Elastic Stack which enriches CloudTrail events in order to prioritize them and identify risk classes.

Secure data in AWS with Key Management Service (KMS)   #aws, #explain
Guide explaining core KMS concepts and showing how to encrypt your data and scale your data access management uniformly across disparate data services.

Best practices for alerting on Kubernetes   #k8s, #defend
A step-by-step cookbook on best practices for alerting on the Kubernetes platform and orchestration layer, including example PromQL alerts.

Restrict a Container's Syscalls with Seccomp   #k8s, #defend
Tutorial explaining how to load seccomp profiles into a local Kubernetes cluster, how to apply them to a Pod, and how to begin crafting profiles that give only the necessary privileges to containers.

Consuming Secrets in Your OpenShift Applications Using HashiCorp Vault   #k8s, #build
How to run Vault Enterprise as a shared service outside an OpenShift Kubernetes cluster.


Autocert is a Kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers. Autocert exists to make it easy to use mTLS (mutual TLS) to improve security within a cluster and to secure communication into, out of, and between Kubernetes clusters.

Cloud Security Dashboard for AWS - based on ScoutSuite.

ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.

Demos for several Kubernetes security features, such as Network Policies, Security Context, and Pod Security Policies.

Use OpenFaaS functions as a Kubernetes Validating Admission Webhook.

From the cloud providers

Announcing AWS Budgets Actions
It is now possible to define the action you want to take in your account when a budget exceeds its threshold (actual or forecasted amounts).

Use AWS PrivateLink to Access AWS Lambda Over Private AWS Network
AWS Lambda now supports AWS PrivateLink which lets you invoke Lambda functions securely from inside your virtual private cloud (VPC) or on-premises data centers without exposing traffic to the public Internet.

Port forwarding sessions created using Session Manager now support multiple simultaneous connections
Port forwarding sessions created using Session Manager, a capability of AWS Systems Manager, now support multiple simultaneous connections over the session. This improvement reduces the rendering latency and improves load times for applications that load data using multiple concurrent connections, when delivering such applications over a port forwarding session.

How to automate incident response in the AWS Cloud for EC2 instances
Solution presenting a pre-provisioned architecture for an incident response system that you can use to respond to a suspicious EC2 instance.

Use AWS Firewall Manager to deploy protection at scale in AWS Organizations
Step-by-step instructions to deploy and manage security policies across your AWS Organizations implementation by using Firewall Manager.

Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list
How to query an Azure Sentinel Watchlist using the Azure Monitor Logs connector, and how to use the output data.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.