Intro
Welcome, dear listeners. I'm Viktor, your host, and on a weekly basis I share news, articles, techniques and tools related to Cloud, SaaS and IaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Articles
Microsoft Intune bug forces Samsung devices into non-compliant state – https://www.bleepingcomputer.com/news/microsoft/microsoft-intune-bug-forces-samsung-devices-into-non-compliant-state/
Microsoft says some Samsung Galaxy devices will be marked as non-compliant with the organization’s security requirements in Microsoft Intune’s management interface after automatic restarts or after installing managed updates.
Kubernetes Best Practices 101 – https://github.com/diegolnasc/kubernetes-best-practices
The purpose of this guide is to flatten the learning curve and help you prepare a more stable, reliable and functional environment.
Securing Microsoft 365 Book – https://twitter.com/ITguySoCal/status/1459038774369742853
The book Securing Microsoft 365: Defending against top Cybersecurity threats in Microsoft 365 by Joe Stocker has been released.
Managing temporary elevated access to your AWS environment – https://aws.amazon.com/blogs/security/managing-temporary-elevated-access-to-your-aws-environment/
In this post you’ll learn about temporary elevated access and how it can mitigate risks relating to human access to your AWS environment. You’ll also be able to download a minimal reference implementation and use it as a starting point to build a temporary elevated access solution tailored for your organization.
Container Breakouts – Part 1: Access to root directory of the Host and Container Breakouts – Part 2: Privileged Container – https://blog.nody.cc/posts/container-breakouts-part1/, https://blog.nody.cc/posts/container-breakouts-part2/
These posts are part of a series and show container breakout techniques that can be performed if a container is started with access to the host root directory or as a privileged container.
Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over – https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html
A now-fixed bug in GSuite: secretlyhidden1 shares how it was possible to add an account to anyone's organization and make it a super admin.
ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough – https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-vulnerability-walkthrough
This is the full story of the Azure ChaosDB vulnerability, discovered and disclosed by the Wiz Research Team, through which they were able to gain complete, unrestricted access to the databases of several thousand Microsoft Azure customers.
Tutorial: Keyless Sign and Verify Your Container Images With Cosign – https://www.appvia.io/blog/tutorial-keyless-sign-and-verify-your-container-images
Follow along with the tutorial to sign images, and check the signatures in Kubernetes before accepting the pod to run, assuring that the image your cluster is about to start hasn’t been tampered with.
Top 10 Kubernetes Application Security Hardening Techniques – https://blog.aquasec.com/kubernetes-hardening-techniques
This post shares 10 ways that developers can apply hardening to their application manifests.
Hunting for secrets in Docker Hub – https://blog.gitguardian.com/hunting-for-secrets-in-docker-hub/
In this article, GitGuardian explains why Docker images can contain sensitive information, gives examples of the types of secrets they found in public Docker images, and finally compares those results with the ones they get from source code scanning.
Managing permissions with grants in AWS Key Management Service – https://aws.amazon.com/blogs/security/managing-permissions-with-grants-in-aws-key-management-service/
In this blog post, Rick discusses the following:
An example of how an AWS service uses your KMS key policy and grants to securely manage access to your encryption keys. The example uses Amazon RDS and demonstrates how the block storage volume behind your database instance is encrypted.
Best practices for using grants from AWS KMS in your own workloads.
Recent performance improvements when using grants in AWS KMS.
Advanced Persistent Threat Techniques Used in Container Attacks – https://blog.aquasec.com/advanced-persistent-threat-techniques-container-attacks
In this blog, you will explore advanced persistent threat techniques used in container attacks, learn how rootkits work, and how adversaries are using them to attack cloud native environments.
Require Privileged Workstation for Admin Access with Conditional Access – https://danielchronlund.com/2021/11/02/require-privileged-workstation-for-admin-access-with-conditional-access/
In this blog post Daniel showcases an example of a Conditional Access policy that only allows admin access to Azure management tools from certain Azure AD managed machines, specified by device ID GUIDs.
Demystifying Conditional Access – https://github.com/kennethvs/blog/blob/master/Conditional%20Access%20demystified-v1.2%20-%20February%202021.pdf
A white paper of more than 70 pages on how Conditional Access works.
Tools
Conditional Access – https://github.com/AlexFilipin/ConditionalAccess/wiki/Release-history#policy-repository-update-2021-11-13
A set of Conditional Access policies as JSON files that can be deployed to a tenant with a PowerShell script. There is also a wiki with plenty of information on designing Conditional Access policies and fitting them to your organization.
Phishing Playbook – https://gitlab.com/syntax-ir/playbooks/-/tree/main/IRP-Phishing
An incident response playbook for phishing.
IAMZERO – https://github.com/common-fate/iamzero
IAM Zero detects identity and access management issues and automatically suggests least-privilege policies. It does this by capturing errors in the applications you build or the commands you run. By detecting the error and matching it against its Access Advisory lists, IAM Zero can instantly provide a least-privilege policy recommendation customised to your cloud environment.
CAMP – https://github.com/tenchi-security/camp
This tool automatically downloads and keeps a local copy of all AWS IAM managed policies, and also runs Cloudsplaining on each of them. Cloudsplaining identifies violations of least privilege in AWS IAM policies and generates an HTML report with a triage worksheet.
CDK-DIA – https://github.com/pistazie/cdk-dia
Cdk-dia diagrams your CDK-provisioned infrastructure using the Graphviz dot language.
Monitor AWS Managed IAM Policies Changes – https://twitter.com/mamip_aws/status/1458811758320230400
A tweet from an account that runs AWS Access Analyzer policy validation every time an update to any of the AWS managed policies is detected.
Outro
That’s all for this episode. Thank you for listening and have a secure day!