Release Date: 27/10/2019 | Issue: 9
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


This week's articles

MITRE ATT&CK Cloud Matrix
The October 2019 ATT&CK release saw the introduction of 36 techniques to cover adversary behaviour against cloud-based platforms. Three infrastructure as a service platforms (AWS, Azure, and GCP) have been added, as well as two cloud software platforms, Azure Active Directory (Azure AD) and Office 365, to cover techniques against those specific platforms.

Swipe right for a new guide to PCI on GKE
Anyone working in a highly regulated industry like financial services has complex and challenging regulatory IT requirements to deal with, which can make it hard to adopt new technologies like containers and Kubernetes. To help ease the transition to PCI-compliant workloads on Kubernetes, Google released a PCI Compliance on GKE solution guide. This guide is intended to help address concerns unique to GKE applications in PCI-regulated environments.

The Security team at Cruise recently open sourced k-rail, a webhook-based Kubernetes policy enforcement tool. The idea behind it is that, by default, the Kubernetes APIs allow for a variety of easy privilege escalation routes. When operating a multi-tenant cluster, many features can be dangerous or introduce instability and must be used judiciously. k-rail attempts to make workload policy enforcement easy in Kubernetes, even if you already have a large number of diverse workloads.

Introducing CloudTrail-Partitioner
If you've worked with CloudTrail, you might have experienced some pain while trying to search the logs it generates. To address this, the Duo team released cloudtrail-partitioner, which automatically organizes your CloudTrail logs in a format suitable for quick, cheap and simple querying with Athena.

Argo: Workflow Engine for Kubernetes
Even if you might already be familiar with the GitOps approach proposed by Argo, I found this step-by-step tutorial very interesting and thorough.

AWS IAM Privilege Escalation Methods
Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods that Spencer Gietzen put together.

Grapl - A Graph Platform For Detection and Response
Grapl is an open source platform for Detection and Response (D&R). The position that Grapl takes is that graphs provide a more natural experience than raw logs for many common D&R use cases.

Inspecting kubectl traffic with mitmproxy
If, for whatever reason, you were wondering how to inspect the network traffic of kubectl, then this small guide on how to use mitmproxy to snoop on kubectl requests might be for you.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.