Intro
Welcome, dear listeners. I’m Viktor, your host, and on a weekly basis I will share news, articles, techniques and tools related to Cloud, SaaS and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Articles
Achieving Least Privilege with AWS IAM – https://dev.to/prince_of_pasta/achieving-least-privilege-with-aws-iam-10i
Exploring Container Security: A Storage Vulnerability Deep Dive – https://security.googleblog.com/2021/12/exploring-container-security-storage.html
SSRF vulnerability in AppSheet – Google VRP – https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html
AWS SageMaker Jupyter Notebook Instance Takeover – https://blog.lightspin.io/aws-sagemaker-notebook-takeover-vulnerability
How to Secure Containers with Cosign and Distroless Images – https://www.infracloud.io/blogs/secure-containers-cosign-distroless-images/
Scary Azure AD Tenant Enumeration… Using Regular B2B Guest Accounts – https://danielchronlund.com/2021/11/18/scary-azure-ad-tenant-enumeration-using-regular-b2b-guest-accounts/
Cloud Service Provider security mistakes – https://github.com/SummitRoute/csp_security_mistakes
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify – https://www.trendmicro.com/en_ph/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.html
Azure Privilege Escalation via Azure API Permissions Abuse – https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48
Write your first query with Kusto Query Language – https://docs.microsoft.com/en-us/learn/modules/write-first-query-kusto-query-language/
Lateral Movement With Managed Identities Of Azure Virtual Machines – https://m365internals.com/2021/11/30/lateral-movement-with-managed-identities-of-azure-virtual-machines/
monday.com’s Multi-Regional Architecture: A Deep Dive – https://engineering.monday.com/monday-coms-multi-regional-architecture-a-deep-dive/
reInvent2021 – https://github.com/zoph-io/awscon-onepager/blob/master/reinvent/reinvent-2021.md
More control and better insights for your Zero Trust deployments – https://techcommunity.microsoft.com/t5/azure-active-directory-identity/more-control-and-better-insights-for-your-zero-trust-deployments/ba-p/2365684
Threat Hunting AWS CloudTrail With Sentinel: Part 2 – https://www.binarydefense.com/threat-hunting-aws-cloudtrail-with-sentinel-part-2/
Kubernetes API Access Security Hardening – https://goteleport.com/blog/kubernetes-api-access-security
Digging into Linux namespaces – part 1 – https://blog.quarkslab.com/digging-into-linux-namespaces-part-1.html
More coverage to protect your identities – https://techcommunity.microsoft.com/t5/azure-active-directory-identity/more-coverage-to-protect-your-identities/ba-p/2365685
Anti-Patterns When Building Container Images – http://jpetazzo.github.io/2021/11/30/docker-build-container-images-antipatterns/
Tools
Threat Hunting at Scale with Spark Notebooks – https://github.com/ashwin-patil/threat-hunting-with-notebooks/blob/master/JupyterThon-ThreatHuntingatScalewithSparkNotebooks-2021.pdf, https://www.youtube.com/watch?v=nMnHBnYfIaI&t=27509s
XMGoat – https://www.xmcyber.com/xmgoat-an-open-source-pentesting-tool-for-azure/
Kubestriker – https://github.com/vchinnipilli/kubestriker
Certified Kubernetes Security Specialist – CKS – https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
Outro
That’s all for this episode. Thank you for listening and have a secure day!