#aws, #gcp, #azure, #iam

The Wiz team conducted a research of permissions provided to 3rd party vendors in cloud environments and the results should be a wake-up call. In the majority of cases these permissions are there for no reason: the vendor doesn't actually need them, and the customers aren't even aware that they gave them to the vendor.

#gcp, #attack

If an attacker compromises an engineer's workstation, they can easily steal and abuse cached credentials, even if MFA is enabled (Part 1, Part 2).

#k8s, #attack

What are the risks associated with overly permissive pod creation in Kubernetes? This post describes 8 insecure pod configurations and the corresponding methods to perform privilege escalation. The accompanying repository can also help penetration testers and administrators better understand common misconfiguration scenarios.

#k8s, #iam

The "bind" verb is a useful piece of Kubernetes RBAC configuration, but it's also one of the lesser known. As it can enable privilege escalation, it's an important thing to check for when creating or auditing roles.

#k8s, #iam

One of the potential surprises for newcomers to Kubernetes RBAC is what the subtle, but extremely important differences are between the GET and LIST verbs. This even translates to Google Cloud's IAM permission model with GKE clusters with opportunities for unintended consequences.

#k8s, #gcp, #iam

What separates the GKE IAM Roles "Kubernetes Engine Developer" from "Kubernetes Engine Admin"? In most cases, not that much.

#gcp, #iam

If you are running GKE Clusters with Basic Authentication, you'll want to consider removing those credentials from your clusters. This post aims to outline the risks and considerations for remediation.

#gcp, #iam

An approach for creating and verifying least-privilege custom IAM Roles using the gcloud sdk Docker image, Data Access Logging, and the IAM Policy Troubleshooter.

#terraform, #aws, #defend

How Sentinel policies in Terraform can ensure outbound access in security groups and firewalls is restricted.

#docker, #build

Why you should be avoiding root in containers, what rootless containers are, and how they are going to help.

Based in the C.A.L.M.S. definition of DevOps, the framework defines a set of capabilities and guidelines that, when adopted, increase efficiency, effectiveness, and happiness of the team.

Service which provides authenticated access to a static website hosted in an s3 bucket.

This repo is a collection of AWS Service Control Policies (SCPs) written in Terraform to be used in AWS Organizations.

Leapp is a DevTool Desktop App designed to manage and secure Cloud Access in multi-account environments. It's a tool that securely stores your access information in a secure place and generates temporary credential sets to access your Cloud from your local machine.

OpenPolicyAgent v0.26.0 just got released. New features include support for WASM, OAuth2/OIDC, auth plugins, opa bench, etc.

New page added: including a general description of CSPs and some useful samples.

Amazon Elastic Container Service (ECS) now lets you attach IAM resource policies to VPC Endpoints. This allows you to control access to your ECS resources from VPC Endpoints, helping you meet compliance and regulatory requirements.

Federated Amazon EKS Clusters on AWS is a new AWS Solutions Implementation that automates the deployment and federation of two EKS clusters across multiple AWS Regions, configuring highly available, low latency, and easily scalable applications.

How to analyze IAM recommendations across all your projects and bulk-apply those recommendations for an entire project using a set of commands in Cloud Shell.

You can now use Azure Defender for servers to consolidate your vulnerability management program across all of your Azure and non-Azure assets.

If you ingest over 1Tb per day into your Azure Sentinel workspace and/or have multiple Azure Sentinel workspaces in your Azure enrolment, you may want to consider migrating to a dedicated cluster, a recent addition to the deployment options for Azure Sentinel.

Article capturing and listing the security solutions provided by Alibaba Cloud.

Step-by-step guide for securing your online business with Alibaba Cloud CDN and security products.