Experimenting with Semgrep to eradicate classes of (cloud) vulnerabilities from Infrastructure as Code. (Disclaimer: I did write this post)

Some common mistakes and vulnerabilities that you probably want to know about when designing, configuring or auditing Kubernetes authorization.

How you can use the escalate verb in k8s RBAC to get cluster-admin rights from cases where you already have escalate rights.

What can an attacker do if they found a Remote Code Execution (RCE) vulnerability in a Lambda function?

The Praetorian team uncovered a GCP risk scenario in which privileges in a compromised service can be used to further escalate privileges.

How to prevent a common GitHub Workflow mistake that could leave your project open to abuse by fork-based Pull Requests.

Slides from the equally named talk recorded at the Virtual Azure Community Day. Video is also available.

Rootless mode graduated from experimental in Docker Engine v20.10. Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime.

Learn how automated threat modeling can be performed just by looking at Terraform code.

In KubeCon NA 2020, Styra (creators of OPA) launched a free edition of their Declarative Authorisation Service (DAS). This blog post explains the features of Styra DAS Free edition and how it simplifies OPA policy administration.

KaiMonkey provides example vulnerable infrastructure to help cloud security, DevSecOps and DevOps teams explore and understand common cloud security threats exposed via infrastructure as code.

Cluster.dev is an open-source system delivered as GitHub Action or Docker Image for creating and managing Kubernetes clusters with simple manifests by GitOps approach.

Amazon launched AWS CloudShell, with the goal of making the process of getting to an AWS-enabled shell prompt simple and secure, with as little friction as possible. Every shell environment that you run with CloudShell has the AWS CLI v2 installed and configured so you can run aws commands fresh out of the box.

Starting immediately, you can simply specify that a trail will apply to all regions and CloudTrail will automatically create the same trail in each region. In addition with support for multiple trails, different stakeholders in the company can create and manage their own trails for their own needs.

Amazon announced VPC Reachability Analyzer, a network diagnostics tool that troubleshoots reachability between two endpoints in a VPC, or within multiple VPCs.

Fleet Manager is a new console based experience in Systems Manager that enables systems administrators to view and administer their fleets of managed instances from a single location, in an operating-system-agnostic manner, without needing to resort to remote connections with SSH or RDP.

AWS launched AWS Systems Manager Change Manager, a new change management capability for AWS Systems Manager. It simplifies the way ops engineers track, approve, and implement operational changes to their application configurations and infrastructures.

Amazon Elasticsearch Service (Amazon ES) provides fine-grained access control, powered by the Open Distro for Elasticsearch security plugin. The security plugin adds Kibana authentication and access control at the cluster, index, document, and field levels that can help you secure your data.

How to use Macie to detect sensitive data in Amazon DynamoDB tables by exporting the data to Amazon S3 so that Macie can scan the data.

How to integrate Amazon Macie as part of the data ingestion step in your data pipeline. This solution provides an additional checkpoint that sensitive data has been appropriately redacted or tokenized prior to ingestion.

Scripts and Terraform automation to help you ensure best practices in Google Data Catalog.

Automate the execution of shell commands in a fully serverless and secure way without managing private keys.

The Microsoft Cloud App Security (MCAS) connector lets you stream alerts and Cloud Discovery logs from MCAS into Azure Sentinel. This will enable you to gain visibility into your cloud apps, get sophisticated analytics to identify and combat cyberthreats, and control how your data travels, more details on enabling and configuring the out of the box MCAS connector.

To make it easier for security teams to visualize and monitor their environments for this attack the MSTIC team has shared a SolarWinds Post Compromise hunting workbook via Azure Sentinel and Azure Sentinel GitHub.