Release Date: 20/12/2020 | Issue: 68
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
🎄 Holiday Break 🎄
After this issue, I will probably take a couple of weeks off to disconnect and recharge.
CloudSecList will return in January!

This week's articles


Semgrep for Cloud Security
Experimenting with Semgrep to eradicate classes of (cloud) vulnerabilities from Infrastructure as Code. (Disclaimer: I did write this post)   #iac   #defend


Kubernetes RBAC Security Pitfalls
Some common mistakes and vulnerabilities that you probably want to know about when designing, configuring or auditing Kubernetes authorization.   #k8s   #attack


Escalating Away
How the escalate verb in k8s RBAC can be used to obtain cluster-admin rights in cases where you already hold escalate rights.   #k8s   #attack


Gaining Persistency on Vulnerable Lambdas
What can an attacker do if they find a Remote Code Execution (RCE) vulnerability in a Lambda function?   #aws   #attack


Google Cloud Platform (GCP) Service Account-based Privilege Escalation paths
The Praetorian team uncovered a GCP risk scenario in which the privileges of a compromised service can be used to escalate privileges further.   #gcp   #attack


Keeping your GitHub Actions and workflows secure: Preventing pwn requests
How to prevent a common GitHub Workflow mistake that could leave your project open to abuse by fork-based Pull Requests.   #ci/cd   #attack


8 easy steps to improve your security posture in Azure
Slides from the talk of the same name, recorded at the Virtual Azure Community Day. A video is also available.   #azure   #defend


Run the Docker daemon as a non-root user (Rootless mode)
Rootless mode graduated from experimental in Docker Engine v20.10. Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime.   #docker   #build


Shifting Threat Modeling Left: Automated Threat Modeling Using Terraform
Learn how automated threat modeling can be performed just by looking at Terraform code.   #terraform   #defend


OPA the Easy Way feat. Styra DAS!
At KubeCon NA 2020, Styra (the creators of OPA) launched a free edition of their Declarative Authorisation Service (DAS). This blog post explains the features of the Styra DAS Free edition and how it simplifies OPA policy administration.   #opa   #defend

Tools


KaiMonkey
KaiMonkey provides example vulnerable infrastructure to help cloud security, DevSecOps and DevOps teams explore and understand common cloud security threats exposed via infrastructure as code.


cluster.dev
Cluster.dev is an open-source system, delivered as a GitHub Action or a Docker image, for creating and managing Kubernetes clusters from simple manifests using a GitOps approach.

From the cloud providers


#AWS   AWS CloudShell: Command-Line Access to AWS Resources
Amazon launched AWS CloudShell, with the goal of making the process of getting to an AWS-enabled shell prompt simple and secure, with as little friction as possible. Every shell environment that you run with CloudShell has the AWS CLI v2 installed and configured so you can run aws commands fresh out of the box.


#AWS   AWS CloudTrail Update: Turn on in All Regions & Use Multiple Trails
Starting immediately, you can simply specify that a trail applies to all regions, and CloudTrail will automatically create the same trail in each region. In addition, with support for multiple trails, different stakeholders in the company can create and manage their own trails for their own needs.


#AWS   VPC Reachability Analyzer
Amazon announced VPC Reachability Analyzer, a network diagnostics tool that troubleshoots reachability between two endpoints in a VPC, or within multiple VPCs.


#AWS   AWS Systems Manager Fleet Manager
Fleet Manager is a new console-based experience in Systems Manager that enables systems administrators to view and administer their fleets of managed instances from a single location, in an operating-system-agnostic manner, without needing to resort to remote connections over SSH or RDP.


#AWS   Introducing AWS Systems Manager Change Manager
AWS launched AWS Systems Manager Change Manager, a new change management capability for AWS Systems Manager. It simplifies the way ops engineers track, approve, and implement operational changes to their application configurations and infrastructures.


#AWS   Get started with fine-grained access control in Amazon Elasticsearch Service
Amazon Elasticsearch Service (Amazon ES) provides fine-grained access control, powered by the Open Distro for Elasticsearch security plugin. The security plugin adds Kibana authentication and access control at the cluster, index, document, and field levels that can help you secure your data.


#AWS   Detecting sensitive data in DynamoDB with Macie
How to use Macie to detect sensitive data in Amazon DynamoDB tables by exporting the data to Amazon S3 so that Macie can scan the data.


#AWS   Use Macie to discover sensitive data as part of automated data pipelines
How to integrate Amazon Macie as part of the data ingestion step in your data pipeline. This solution provides an additional checkpoint that sensitive data has been appropriately redacted or tokenized prior to ingestion.


#GCP   How to Automate Governance Best Practices With Google Data Catalog and Terraform
Scripts and Terraform automation to help you ensure best practices in Google Data Catalog.


#GCP   Run shell commands and orchestrate Compute Engine VMs with Cloud Workflows
Automate the execution of shell commands in a fully serverless and secure way without managing private keys.


#AZURE   Microsoft Cloud App Security (MCAS) Activity Log in Azure Sentinel
The Microsoft Cloud App Security (MCAS) connector lets you stream alerts and Cloud Discovery logs from MCAS into Azure Sentinel. This enables you to gain visibility into your cloud apps, get sophisticated analytics to identify and combat cyberthreats, and control how your data travels. The post also covers enabling and configuring the out-of-the-box MCAS connector.


#AZURE   SolarWinds Post-Compromise Hunting with Azure Sentinel
To make it easier for security teams to visualize and monitor their environments for this attack, the MSTIC team has shared a SolarWinds Post-Compromise hunting workbook via Azure Sentinel and the Azure Sentinel GitHub repository.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini