Intro
Welcome, dear listeners. I'm Viktor, your host, and on a weekly basis I will share news, articles, techniques, and tools related to Cloud, SaaS, and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Articles
Automating the deployment of Sysmon for Linux and Azure Sentinel in a lab environment – https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054
The @fwdcloudsec 2021 talk videos are now up on YouTube – https://www.youtube.com/playlist?list=PLCPCP1pNWD7Ofg8prNuVasGIwkKB3Ejhw
Kubernetes Security Notebooks – https://github.com/thomasfricke/training-kubernetes-security
H4ck1ng Kubern3tes Book – https://hacking-kubernetes.info/
Kubernetes Security Checklist and Requirements – https://github.com/Vinum-Security/kubernetes-security-checklist
5 common Kubernetes misconfigs and how to fix them – https://bridgecrew.io/blog/5-common-kubernetes-misconfigs-and-how-to-fix-them/
Bypassing required reviews using GitHub Actions – https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
AWS WAF’s Dangerous Defaults – https://osamaelnaggar.com/blog/aws_waf_dangerous_defaults/
CREATING A MALICIOUS AZURE AD OAUTH2 APPLICATION – https://www.trustedsec.com/blog/creating-a-malicious-azure-ad-oauth2-application/
Building an end-to-end Kubernetes-based DevSecOps software factory on AWS – https://aws.amazon.com/blogs/devops/building-an-end-to-end-kubernetes-based-devsecops-software-factory-on-aws/
Implementation of DevSecOps for a Microservices-based Application with Service Mesh – https://csrc.nist.gov/publications/detail/sp/800-204c/draft
TwitchLeak from AWS Security Consultant view – https://twitter.com/zoph/status/1446474797693628424
The Threat of Ransomware to S3 Buckets – https://ermetic.com/blog/aws/new-research-the-urgent-threat-of-ransomware-to-s3-buckets/
Centralised audit logs in GCP in a secure environment with VPC Service Controls – https://medium.com/google-cloud/centralised-audit-logs-in-gcp-in-a-secure-environment-with-vpc-service-controls-5a25cd00441
Azure Privilege Escalation via Service Principal Abuse – https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
Designing Least Privilege AWS IAM Policies for People – https://www.iampulse.com/t/designing-least-privilege-aws-iam-policies-for-people
Remotely Access your Kubernetes Lab with Cloudflare Tunnel – https://www.marcolancini.it/2021/blog-kubernetes-lab-cloudflare-tunnel/
Hacking AWS end-to-end – remastered – https://www.youtube.com/watch?v=8ZXRw4Ry3mQ
Use Kubescape to check if your Kubernetes clusters are exposed to the latest K8s Symlink vulnerability (CVE-2021-25741) – https://www.armosec.io/blog/kubescape-checks-if-kubernetes-exposed-to-k8s-symlink-vulnerability-cve202125741
Tools
KQL query to detect HandleKatz – https://bluepurple.substack.com/p/bluepurple-pulse-week-ending-october-517
Snowcat – https://github.com/praetorian-inc/snowcat
Minik8s-ctf – https://github.com/quarkslab/minik8s-ctf
Milestone
And some good news before I end the podcast. The podcast has reached 215 downloads! Thanks, everyone, for listening!
Outro
That’s all for this episode. Thank you for listening and have a secure day!