First in a series of blog posts looking into the default settings used in AWS Elastic Kubernetes Service (EKS) deployments, and demonstrating how small misconfigurations or unwanted side-effects may put our clusters at risk.

Architecture and implications of an automated process aiming to backup a GDrive account, relying on ECS Fargate and S3 Glacier. Disclaimer: I did write this post.

Macie has come a long way from the initial release in 2018. It now supports Delegated Admin like GuardDuty, it has a proper Boto3 API, and there was even an 80% price reduction last year. You can also check the companion repository.

SimuLand is an open-source initiative by Microsoft to help security researchers deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify the effectiveness of related Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise. You can also check out the companion repository.

These are the top five Kubernetes admission control policies that you should have running in your cluster right now.

When and how Route 53 Resolver DNS Firewall and GuardDuty can help you block and detect suspicious traffic.

With Yor, you can trace a misconfigured cloud resource back to code and pinpoint the ideal fix location in git.

13 best practices to help you create, operate, and upgrade applications using Helm.

Observing a Kubernetes-based distributed application using Jaeger, Zipkin, Prometheus, Grafana, and Kiali on Amazon EKS running Istio Service Mesh.

How the Carta's team rebuilt their permissions system on a new platform based on Google Zanzibar.

If you're a software engineer working anywhere near backend systems, the term "service mesh" has probably infiltrated your consciousness some time over the past few years.

AWS-based secrets management for Kubernetes. Leverages users' Kubernetes OIDC authentication tokens for AWS Secrets Manager secrets management.

Azure JWT Token Manipulation Toolset. May aid offensive practitioners in assessing conditional access policies for organizations utilizing Azure/Office365.

Open source IaC security scanner for public Helm charts.

This Plugin for Policy Reporter brings additional Kyverno specific information to the Policy Reporter UI. See what Policies in your Cluster exist, how they are configured and if there are any violations assiciated with them in a graphical UI.

Post discussing the benefits of using an attribute-based access control (ABAC) strategy, and describing how to use ABAC with AWS Single Sign-On (AWS SSO) when you're using Okta as an identity provider (IdP).

AWS Directory Service for Microsoft Active Directory provides customers with the ability to review security logs on their AWS Managed Microsoft AD domain controllers by either using a domain management EC2 instance or by forwarding domain controller security event logs to CloudWatch Logs.

Amazon Cognito identity pools enable you to create and manage unique identifiers for your users and provide temporary, limited-privilege credentials to your application to access AWS resources.

How to automatically resolve IAM Access Analyzer findings generated in response to unintended cross-account access for IAM roles. The solution automates the resolution by responding to the Amazon EventBridge event generated by IAM Access Analyzer for each active finding.

AWS Firewall Manager allows to centrally monitor route configurations for AWS Network Firewall, and get alerts on routes non-compliant with their configuration.

GCP released native email support for log alerting.

A recent Google-commissioned study highlights how enterprises are more confident than ever in cloud security.

Microsoft added to the networking and DNS schemas the Authentication, Process Events, and Registry Events schemas and delivered normalized content based on the two.