Intro
Welcome, dear listeners. I’m Viktor, your host, and on a weekly basis I will share news, articles, techniques, and tools related to Cloud, SaaS, and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Articles
I Analysed 100+ Cloud Job Descriptions: Here’s What I Discovered – https://www.youtube.com/watch?v=IjYo-LS6lVY
IAM Vulnerable – An AWS IAM Privilege Escalation Playground – https://labs.bishopfox.com/tech-blog/iam-vulnerable-an-aws-iam-privilege-escalation-playground
GODFATHER OF LOGGING – https://call4cloud.nl/2021/09/godfather-of-logging/
THE CONDITIONAL ACCESS EXPERIMENT – https://call4cloud.nl/2020/11/the-conditional-access-experiment/
THE DEATH OF COMPLIANCE – https://call4cloud.nl/2021/08/the-death-of-compliance/
RCE in Jira Service Management Server – https://github.com/PetrusViet/CVE-2021-39115
Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances – https://unit42.paloaltonetworks.com/azure-container-instances/ ; https://davidokeyode.medium.com/09-09new-azure-container-instance-vulnerability-what-to-do-188502d9ca29
Require Device Compliance for the non-primary user – https://365bythijs.be/2021/09/08/require-device-compliance-for-the-non-primary-user/
gcpHound : A Swiss Army Knife Offensive Toolkit for Google Cloud Platform (GCP) – https://desi-jarvis.medium.com/gcphound-a-swiss-army-knife-offensive-toolkit-for-google-cloud-platform-gcp-fb9e18b959b4
Accessing AZ CLI remotely via NodeJS express app – https://securecloud.blog/2021/09/07/demo-accessing-az-cli-remotely-via-nodejs-express-app/
An exciting journey to find SSRF, Bypass Cloudflare, and extract AWS metadata! – https://infosecwriteups.com/an-exciting-journey-to-find-ssrf-bypass-cloudflare-and-extract-aws-metadata-fdb8be0b5f79
How to Inject Secrets from AWS, GCP, or Vault Into a Kubernetes Pod – https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892
Automate Your Security in GCP with Serverless Computing – https://www.youtube.com/watch?v=jCQTeglIfeI
Azure Defenses for Ransomware Attack – https://azure.microsoft.com/en-us/resources/azure-defenses-for-ransomware-attack/
Cloud-Native Attacks on Availability: How Ransomware Can Follow You to the Cloud – https://www.brighttalk.com/webcast/10415/502092
Swimming past 2FA, part 2: How to investigate Okta compromise – https://expel.io/blog/swimming-past-2fa-part-2-investigate-okta-compromise/
Bypassing GCP Org Policy with Custom Metadata – https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html
Tools
AWSXenos – https://github.com/AirWalk-Digital/AWSXenos
IAM Vulnerable – https://github.com/BishopFox/iam-vulnerable
Azure Outlook C2 – https://github.com/boku7/azureOutlookC2
Outside Office Hours activity – https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Sign-in%20-%20Auditlog%20outside%20office%20hours.md
OpenCSPM – https://github.com/OpenCSPM/opencspm
Magpie – https://github.com/openraven/magpie
Cloudsploit – https://github.com/aquasecurity/cloudsploit
Cloud Custodian – https://github.com/cloud-custodian/cloud-custodian
Principal Mapper – https://github.com/nccgroup/PMapper
SHAREPOINT PERMISSION AUDITING – https://www.lieben.nu/liebensraum/2021/09/sharepoint-permission-auditing/
Outro
That’s all for this episode. Thank you for listening and have a secure day!