Intro
Welcome, dear listeners. I’m Viktor, your host, and on a weekly basis I will share news, articles, techniques and tools related to Cloud, SaaS and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Articles
Which Managed Kubernetes Is Right for Me? – https://www.armosec.io/blog/which-managed-kubernetes-is-right-for-me
Capturing Outlook & Google Calendars via Salesforce Guest User Bug – https://cloudsecurityalliance.org/blog/2021/11/12/einstein-s-wormhole-capturing-outlook-google-calendars-via-salesforce-guest-user-bug/
Microsoft 365 Compliance audit log activities via O365 Management API – Part 1 – https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-365-compliance-audit-log-activities-via-o365/ba-p/2957171
How to Detect Azure Active Directory Backdoors: Identity Federation – https://www.inversecos.com/2021/11/how-to-detect-azure-active-directory.html
Automated Manifest File Validation Using Open Policy Agent and GitHub Actions – https://medium.com/@ravindursr/automated-manifest-file-validation-using-open-policy-agent-and-github-actions-697fa9fd74f0
Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report – https://cloud.google.com/blog/products/identity-security/coin-mining-ransomware-apts-target-cloud-gcat-report
Cloudsplaining and Checkov: Identify AWS IAM least privilege violations from code to cloud – https://bridgecrew.io/blog/aws-iam-least-privilege-iac-cloudsplaining-and-checkov/
Investigating Suspicious Azure Activity with Microsoft Sentinel – https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/investigating-suspicious-azure-activity-with-microsoft-sentinel/ba-p/2985699?s=09
Unlocking the Vault :: Unauthenticated Remote Code Execution against CommVault Command Center – https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
Hunters Research: Is AWS Recycling your Access Keys? – https://www.hunters.ai/blog/hunters-research-is-aws-recycling-your-access-keys
Integrating Microsoft Teams with Microsoft Cloud App Security – https://techcommunity.microsoft.com/t5/microsoft-teams-community-blog/integrating-microsoft-teams-with-microsoft-cloud-app-security/ba-p/2986865
Secure Your VMware ESXi Hosts Against Ransomware – https://www.truesec.com/hub/blog/secure-your-vmware-esxi-hosts-against-ransomware
A virtual journey: From hardware virtualization to Hyper-V’s Virtual Trust Levels – https://blog.quarkslab.com/a-virtual-journey-from-hardware-virtualization-to-hyper-vs-virtual-trust-levels.html
How to Backdoor Azure Applications and Abuse Service Principals – https://www.inversecos.com/2021/10/how-to-backdoor-azure-applications-and.html
Creating Malicious Admission Controllers – https://blog.rewanthtammana.com/creating-malicious-admission-controllers
Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit – Part 2 – https://falco.org/blog/detect-malicious-behaviour-on-kubernetes-api-server-through-gathering-audit-logs-by-using-fluentbit-part-2/
How to set up Amazon Cognito for federated authentication using Azure AD – https://aws.amazon.com/blogs/security/how-to-set-up-amazon-cognito-for-federated-authentication-using-azure-ad/
Must Learn KQL Part 1: Tools and Resources – https://azurecloudai.blog/2021/11/17/must-learn-kql-part-1-tools-and-resources/
Must Learn KQL Part 2: Just Above Sea Level – https://azurecloudai.blog/2021/11/18/must-learn-kql-part-2-just-above-sea-level/
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs – https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/
Hands-on walkthrough of the AWS Network Firewall flexible rules engine – Part 2 – https://aws.amazon.com/blogs/security/hands-on-walkthrough-of-the-aws-network-firewall-flexible-rules-engine-part-2/
Do not use AWS CloudFormation – https://gswallow.medium.com/do-not-use-aws-cloudformation-7cf61f58bd5f
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory – https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
GitHub Apps – How to avoid leaking your customer’s source code with GitHub apps – https://roadie.io/blog/avoid-leaking-github-org-data/
Container Breakouts – Part 3: Docker Socket – https://blog.nody.cc/posts/container-breakouts-part3/
Tools
Sycamore – https://github.com/raesene/sycamore
Suspicious_InboxRule.kql – https://gist.github.com/mrrothe/af8cc2d7577ffc10dbf6d5746c4dde0d
Cfsec – https://www.owenrumney.co.uk/using-cfsec/
Azure Permissions – https://azure.permissions.cloud/
GCP Permissions – https://gcp.permissions.cloud/
AWS Permissions – https://aws.permissions.cloud/
Kubernetes-Goat – https://www.kitploit.com/2021/11/kubernetes-goat-is-vulnerable-by-design.html
Trivy – https://github.com/aquasecurity/trivy
Outro
That’s all for this episode. Thank you for listening and have a secure day!