The October 2019 ATT&CK release saw the introduction of 36 techniques to cover adversary behaviour against cloud-based platforms. Three infrastructure as a service platforms (AWS, Azure, and GCP) have been added, as well as two cloud software platforms, Azure Active Directory (Azure AD) and Office 365, to cover techniques against those specific platforms.

Anyone working in a highly-regulated industry like financial services has complex and challenging regulatory IT requirements to deal with, that can make it hard to adopt new technologies like containers and Kubernetes. To help ease the transition to PCI-compliant workloads on Kubernetes, Google released a PCI Compliance on GKE solution guide. This guide is intended to help address concerns unique to GKE applications in PCI regulated environments.

The Security team at Cruise recently open sourced k-rail, a webhook-based Kubernetes policy enforcement tool. The idea behind it is that, by default, the Kubernetes APIs allow for a variety of easy privilege escalation routes. When operating a multi-tenant cluster, many features can be dangerous or introduce instability and must be used judiciously. k-rail attempts to make workload policy enforcement easy in Kubernetes, even if you already have a large number of diverse workloads.

If you've worked with CloudTrail, you might have experienced some pain while trying to search the logs it generates. To address this, the Duo team released cloudtrail-partitioner, which automatically organizes your CloudTrail logs in a format suitable for quick, cheap and simple querying with Athena.

Even if you might already be familiar with the gitops approach proposed by Argo, I found this step-by-step tutorial very interesting and thorough.

Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods that Spencer Gietzen put together.

Grapl is an open source platform for Detection and Response (D&R). The position that Grapl takes is that graphs provide a more natural experience than raw logs for many common D&R use cases.

If, for whatever reason, you were wondering how to to inspect the network traffic of kubectl, then this small guide on how to use MITMproxy to snoop on kubectl requests might be for you.