Given the announcement of AWS Audit Manager, Scott Piper tried to map how AWS security services all connect to one another and where to categorize them.

GitHub's 2019 State of the Octoverse Report showed that on average, each repository has more than 200 dependencies. The reality of the software supply chain is that you are dependent on code you didn't write, yet the dependencies still require work from you for ongoing upkeep. So where should you get started in implementing security controls?

Walkthrough of how MathWorks uses Falco to identify activity related to recon, weaponization, delivery, exploitation, installation, and command & control on their 100K+ daily MATLAB containers.

Post covering multiple aspects of Systems Manager, Documents and how to protect and detect techniques leveraging its "Run Command".

Tutorial on protecting sensitive data in Terraform, by hiding sensitive data in outputs during execution and storing state in a secure cloud object storage.

Interesting approach, how to setup (advanced) monitoring of AWS with Azure Security Center (CSPM), Azure Defender (CWPP), Cloud App Security (CASB), and Azure Sentinel (SIEM).

Post exploring how Kubernetes container isolation impacts privilege escalation attacks, using common kernel exploitation techniques.

Authorized users granted PATCH permission for LoadBalancer or ClusterIP services can do a MITM on anything the cluster.

Post covering a working setup of a service mesh architecture using Envoy for both control and data plane.

How to apply Zero Trust principles by locking down a service mesh to only accept traffic from trusted sources.

In case you've been wondering how you should protect your API Gateway APIs - API Keys vs AWS IAM vs Cognito vs Lambda authorizer vs Resource Policies?

Here is the detailed list of what's new in Kubernetes 1.20.

Netflix released ConsoleMe, a tool that consolidates the management of multiple AWS accounts into a single interface. It allows your end-users and administrators to get credentials for your different accounts, and allows your users/administrators to manage or request cloud permissions.

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE).

AWS Audit Manager is a new service that helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. You can also check the announcement blog post.

As in 2019, Amazon conducted an anonymous survey throughout 2020 amongst container users on AWS. The summary of the results as a PDF file as well as the raw results in CSV format are available along with the details on the questions asked.

AWS Organizations Formation (org-formation) is an open source and community-supported tool that allows users to manage different aspects of their AWS Organizations through Infrastructure as Code (IaC). This series of posts introduces org-formation and explains how to get started.

How to create, configure, and maintain Network Firewall firewalls with common security policies across appropriate accounts and VPCs in your AWS Organizations structure by leveraging Firewall Manager.

AWS Security Hub can now automatically receive findings from the open source tools Kube-bench and Cloud Custodian.

Workflows is a fully managed workflow orchestration product running as part of Google Cloud. It's fully serverless and requires no infrastructure management.

Azure Active Directory pod-managed identities uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods. Administrators create identities and bindings as Kubernetes primitives that allow pods to access Azure resources that rely on AAD as an identity provider.

It is now possible to expand threat detection capabilities in Azure Sentinel using Honey Tokens or Canarytokens.