This week's articles
Auditing PassRole: A Problematic Privilege Escalation Permission
The PassRole permission requirement is ubiquitous. It extends to more than 300 actions in more than 90 services and, in some cases, is obscured by parameters that indirectly contain the role being passed. Comprehensively auditing it can be a handful but is absolutely worth it as not doing so means leaving relatively easy avenues for privilege escalation wide open.
How to Enable Logging on Every AWS Service in Existence (Circa 2021)
Cloud security best practices, as well as most compliance programs, require that logging be enabled for all in-scope services. However, that simple requirement - enable logging - comes with many follow-up questions. Is CloudTrail enough? How do I turn on logging for all these services? Aren't logs collected by default? What. even. is. a. log?
Overview of AWS Logs
#aws, #monitor, #explain
Post listing all main AWS services logging sources with a summary table, format, example and a Grok regex to parse log and ingest into a tool like Elastic Stack (ELK).
Abusing cloud services to fly under the radar
#gcp, #azure, #attack
NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to data from the airline industry. In their intrusions they regularly abuse cloud services from Google and Microsoft to achieve their goals.
Exploring Rootless Docker
With the release of Docker 20.10, the rootless containers feature has left experimental status. This post explores setup and usability of rootless Docker.