Release Date: 25/10/2020 | Issue: 60
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Introducing CloudSecDocs.com
CloudSecDocs.com is a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand-curated by myself.   #aws   #gcp   #azure   #k8s   #explain


Enumerate AWS API Permissions Without Logging to CloudTrail
Technical write-up of a bug found in the AWS API that allows enumerating certain permissions of a role without any event being logged to CloudTrail. It affects 645 different API actions across 40 different AWS services. There is also a companion GitHub repo with tooling.   #aws   #attack


Detecting abuse in the AWS control plane in an actionable way using Det{R}ails
Blog post introducing Det{R}ails (CloudTrail in Details), a tool built on top of the Elastic Stack which enriches CloudTrail events so as to identify and prioritize risk classes.   #aws   #defend


Secure data in AWS with Key Management Service (KMS)
Guide explaining core KMS concepts and showing how to encrypt your data and scale your data access management uniformly across disparate data services.   #aws   #explain


Best practices for alerting on Kubernetes
A step-by-step cookbook of best practices for alerting on the Kubernetes platform and orchestration layer, including example PromQL alerts.   #k8s   #defend


Restrict a Container's Syscalls with Seccomp
Tutorial explaining how to load seccomp profiles into a local Kubernetes cluster, how to apply them to a Pod, and how to begin crafting profiles that give only the necessary privileges to containers.   #k8s   #defend


Consuming Secrets in Your OpenShift Applications Using HashiCorp Vault
How to run Vault Enterprise as a shared service outside an OpenShift Kubernetes cluster.   #k8s   #build

Tools


autocert
Autocert is a Kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers. Autocert exists to make it easy to use mTLS (mutual TLS) to improve security within a cluster and to secure communication into, out of, and between Kubernetes clusters.


PrismX
Cloud Security Dashboard for AWS - based on ScoutSuite.


ROADtools
ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.


k8s-security-demos
Demos of several Kubernetes security features such as Network Policies, Security Context, and Pod Security Policies.


admission-webhook-example-with-openfaas
Use OpenFaaS functions as a Kubernetes Validating Admission Webhook.

From the cloud providers


#AWS   Announcing AWS Budgets Actions
It is now possible to define the action you want to take in your account when a budget exceeds its threshold (actual or forecasted amounts).


#AWS   Use AWS PrivateLink to Access AWS Lambda Over Private AWS Network
AWS Lambda now supports AWS PrivateLink which lets you invoke Lambda functions securely from inside your virtual private cloud (VPC) or on-premises data centers without exposing traffic to the public Internet.


#AWS   Port forwarding sessions created using Session Manager now support multiple simultaneous connections
Port forwarding sessions created using Session Manager, a capability of AWS Systems Manager, now support multiple simultaneous connections over the session. This improvement reduces the rendering latency and improves load times for applications that load data using multiple concurrent connections, when delivering such applications over a port forwarding session.


#AWS   How to automate incident response in the AWS Cloud for EC2 instances
Solution presenting a pre-provisioned architecture for an incident response system that you can use to respond to a suspect EC2 instance.


#AWS   Use AWS Firewall Manager to deploy protection at scale in AWS Organizations
Step-by-step instructions to deploy and manage security policies across your AWS Organizations implementation by using Firewall Manager.


#AZURE   Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list
How to query an Azure Sentinel Watchlist using Azure Monitor Logs connector, and also how to use the output data.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini