This week's articles
MITRE ATT&CK Cloud Matrix
The October 2019 ATT&CK release saw the introduction of 36 techniques to cover adversary behaviour against cloud-based platforms. Three infrastructure-as-a-service platforms (AWS, Azure, and GCP) have been added, as well as two cloud software platforms, Azure Active Directory (Azure AD) and Office 365, to cover techniques against those specific platforms.
Swipe right for a new guide to PCI on GKE
Anyone working in a highly regulated industry like financial services has complex and challenging regulatory IT requirements to deal with, which can make it hard to adopt new technologies like containers and Kubernetes. To help ease the transition to PCI-compliant workloads on Kubernetes, Google released a PCI Compliance on GKE solution guide. This guide is intended to help address concerns unique to GKE applications in PCI-regulated environments.
The Security team at Cruise recently open sourced k-rail, a webhook-based Kubernetes policy enforcement tool. The idea behind it is that, by default, the Kubernetes APIs allow for a variety of easy privilege escalation routes. When operating a multi-tenant cluster, many features can be dangerous or introduce instability and must be used judiciously. k-rail attempts to make workload policy enforcement easy in Kubernetes, even if you already have a large number of diverse workloads.
If you've worked with CloudTrail, you might have experienced some pain while trying to search the logs it generates. To address this, the Duo team released cloudtrail-partitioner, which automatically organizes your CloudTrail logs in a format suitable for quick, cheap and simple querying with Athena.
AWS IAM Privilege Escalation Methods
Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods that Spencer Gietzen put together.
Inspecting kubectl traffic with mitmproxy
If, for whatever reason, you were wondering how to inspect the network traffic of kubectl, then this small guide on how to use mitmproxy to snoop on kubectl requests might be for you.