Release Date: 27/10/2019 | Issue: 9
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape, hand-curated by Marco Lancini.

This week's articles


MITRE ATT&CK Cloud Matrix
The October 2019 ATT&CK release saw the introduction of 36 techniques to cover adversary behaviour against cloud-based platforms. Three infrastructure as a service platforms (AWS, Azure, and GCP) have been added, as well as two cloud software platforms, Azure Active Directory (Azure AD) and Office 365, to cover techniques against those specific platforms.


Swipe right for a new guide to PCI on GKE
Anyone working in a highly regulated industry like financial services has complex and challenging regulatory IT requirements to deal with, which can make it hard to adopt new technologies like containers and Kubernetes. To help ease the transition to PCI-compliant workloads on Kubernetes, Google released a PCI Compliance on GKE solution guide. This guide is intended to help address concerns unique to GKE applications in PCI-regulated environments.


k-rail
The Security team at Cruise recently open sourced k-rail, a webhook-based Kubernetes policy enforcement tool. The idea behind it is that, by default, the Kubernetes APIs allow for a variety of easy privilege escalation routes. When operating a multi-tenant cluster, many features can be dangerous or introduce instability and must be used judiciously. k-rail attempts to make workload policy enforcement easy in Kubernetes, even if you already have a large number of diverse workloads.


Introducing CloudTrail-Partitioner
If you've worked with CloudTrail, you might have experienced some pain while trying to search the logs it generates. To address this, the Duo team released cloudtrail-partitioner, which automatically organizes your CloudTrail logs in a format suitable for quick, cheap and simple querying with Athena.


Argo: Workflow Engine for Kubernetes
Even if you might already be familiar with the gitops approach proposed by Argo, I found this step-by-step tutorial very interesting and thorough.


AWS IAM Privilege Escalation Methods
Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods that Spencer Gietzen put together.


Grapl - A Graph Platform For Detection and Response
Grapl is an open source platform for Detection and Response (D&R). The position that Grapl takes is that graphs provide a more natural experience than raw logs for many common D&R use cases.


Inspecting kubectl traffic with mitmproxy
If, for whatever reason, you were wondering how to inspect the network traffic of kubectl, then this small guide on how to use mitmproxy to snoop on kubectl requests might be for you.
