Netflix has developed a network observability sidecar called Flow Exporter that uses eBPF tracepoints to capture TCP flows at near real time.

AWS SSO is vulnerable by design to device code authentication phishing, providing a powerful phishing vector for attackers.

How to retrieve AWS security credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN) when authenticated in the AWS Console.

Ten recommended AWS identity health checks which can help you understand your IAM health, prioritize improvements to your IAM implementation, and operationalize effective access management processes.

Post outlining the design of HAPII (the Hardened PII store), and how Gusto leveraged it to improve data handling practices in their systems.

Post outlining all the moving pieces that exist in Alpine's remediation lifecycle, beginning from discovery of the vulnerability, to disclosure to Alpine, to user remediation.

It's quite easy to fingerprint Kubernetes clusters on the Internet, either via distinctive TLS certificates, or exposed API endpoints.

The main purpose of Siloscape is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.

Terraform 1.0 (now GA) marks a major milestone for interoperability, ease of upgrades, and maintenance for your automation workflows.

Google shared an exploratory visualization site: Open Source Insights, which provides an interactive view of the dependencies of open source projects.

Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes.

Kubernetes controller that automatically manages AWS IAM roles for ServiceAccounts.

Patrolaroid snapshots AWS instances and buckets to uncover malware, backdoors, cryptominers, toolkits, and other attacker tomfoolery that you probably don't want in your environment.

A collection of tools useful to provide visibility into, and enforcement of security practices across AWS accounts.

Detailed examples of how you can use ABAC in IAM to implement tenant isolation in a multi-tenant environment.

Part 1 in a two part series discussing different policy-as-code solutions.

How to deploy a solution that uses Amazon Macie to discover sensitive data. This solution enables you to set up automatic notification to your company's designated data protection team via a Slack channel when sensitive data that needs to be protected is discovered.

Cloud Asset Inventory gets four new capabilities that help understand your environment more clearly and easily: a new user interface, asset discovery and Datadog integration, answer "who can access what resources?", and create asset posture visibility.

Google is providing more flexibility in Cloud Monitoring by replacing Workspaces with Metrics Scopes. Metrics Scopes handle all of the same operational tasks as the previous construct, and you can associate a project with multiple Metrics Scopes.

By integrating Traffic Director with CA Service, you can manage certificates for apps running on Google Kubernetes Engine.

Microsoft added a new set of policies which can be used to restrict the scope and lifespan of your company's Azure DevOps personal access tokens (PATs).

Azure Sentinel's User and Entity Behavior Analytics provide various capabilities, from resolving different user identifiers into one user account, enriching the data, triggering anomalies, and providing entity pages for the SecOps analyst to support the investigation.

Walk through of three Azure Sentinel notebooks that can scan logs across your entire Azure Sentinel workspace, Azure Blog storage, and Azure Data Explorer environment to detect credential leaks.