Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 and http://blackwombat.com .

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security.

All the URLs for the news, articles and tools can be found here: http://blackwombat.com/2021/11/08/dragon-cloud-security-podcast-s01e11/

That’s all for this episode. Thank you for listening and have a secure day!

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
This episode: http://blackwombat.com/2021/11/03/dragon-cloud-security-podcast-s01e10/

Abusing Registries For Exfil And Droppers - https://www.antitree.com/2021/10/abusing-registries-for-exfil-and-droppers/

 Kaspersky's stolen Amazon SES token used in Office 365 phishing - https://www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/

 AWS SSO Tutorial with Google Workspace (Gsuite) as an IdP Step-by-Step - https://www.cloudquery.io/blog/aws-sso-tutorial-with-google-workspace-as-an-idp

 Introducing Quiet Riot - https://blog.traingrc.com/introducing-quiet-riot-c595cfa629e

 Protect your open source project from supply chain attacks - https://opensource.googleblog.com/2021/10/protect-your-open-source-project-from-supply-chain-attacks.html?m=1

 Adding Location To Azure AD MFA - https://c7solutions.com/2021/10/adding-location-to-azure-ad-mfa

 MFA AUTHENTICATOR: FOREVER! - https://call4cloud.nl/2021/10/mfa-authenticator-forever/

 Container Breakouts – Part 2: Privileged Container - https://blog.nody.cc/posts/container-breakouts-part2/

 Keynote: Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supp... Trevor Rosen - https://www.youtube.com/watch?v=1-tMRxqMwTQ

 Microsoft Information Protection (MIP) Ninja Training - https://techcommunity.microsoft.com/t5/security-compliance-and-identity/the-microsoft-information-protection-mip-ninja-training-is-here/ba-p/2887478

 Azure Policy-as-Code Pattern Documentation - https://globalbao.github.io/azure-policy-as-code/

 Best practices for deploying highly available apps in Kubernetes. Part 1 - https://blog.flant.com/best-practices-for-deploying-highly-available-apps-in-kubernetes-part-1/

 Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner - https://sidechannel.blog/en/enumerating-services-in-aws-accounts-in-an-anonymous-and-unauthenticated-manner/index.html

 AZURE SENTINEL INTERNALS: INCIDENTS - https://emptydc.com/2021/10/28/azure-sentinel-internals-incidents/

 Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD - https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover

 Protect your business from password sprays with Microsoft DART recommendations - https://www.microsoft.com/security/blog/2021/10/26/protect-your-business-from-password-sprays-with-microsoft-dart-recommendations/

 A Hands-On Intro to Semgrep's Autofix - https://parsiya.net/blog/2021-10-25-a-hands-on-intro-to-semgreps-autofix/

 Achieving least-privilege at FollowAnalytics with Repokid, Aardvark and ConsoleMe - https://medium.com/followanalytics/granting-least-privileges-at-followanalytics-with-repokid-aardvark-and-consoleme-895d8daf604a

semgrep-rules - https://github.com/returntocorp/semgrep-rules

MFASweep - https://github.com/dafthack/MFASweep

decode-spam-headers.py - https://github.com/mgeeky/decode-spam-headers

driftctl - https://github.com/cloudskiff/driftctl

camp - https://github.com/tenchi-security/camp

AWS Secure Environment Accelerator - https://github.com/aws-samples/aws-secure-environment-accelerator

Hcltm - https://github.com/xntrik/hcltm

That’s all for this episode. Thank you for listening and have a secure day!

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Team TNT Deploys Malicious Docker Image On Docker Hub - https://www.uptycs.com/blog/team-tnt-deploys-malicious-docker-image-on-docker-hub-with-pentesting-tools

 Attacking and Securing CI/CD Pipeline - https://speakerdeck.com/rung/cd-pipeline, https://github.com/rung/threat-matrix-cicd

 Github Actions Security Best Practices - https://engineering.salesforce.com/github-actions-security-best-practices-b8f9df5c75f5

 GitHub Actions for security and compliance - https://github.blog/2021-10-22-github-actions-for-security-compliance/

 How to improve your Docker containers security [cheat sheet included] - https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet/

 Container security best practices: Comprehensive guide - https://sysdig.com/blog/container-security-best-practices/

 Securing Kubernetes Secrets with Conjur - https://www.infracloud.io/blogs/securing-kubernetes-secrets-conjur/

 Introducing the new Azure SDK Resource Management Libraries for .NET - https://devblogs.microsoft.com/azure-sdk/introducing-the-new-azure-sdk-resource-management-libraries-for-net/

 A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection - https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/

 Protecting Microsoft 365 from on-premises attacks - https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/protect-m365-from-on-premises-attacks

 Franken-phish: TodayZoo built from other phishing kits - https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/

 Microsoft 365 will get support for custom ARC configurations - https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-support-for-custom-arc-configurations/

 Managing permissions for Log Analytics and Workbooks - https://msendpointmgr.com/2021/10/23/managing-permissions-for-log-analytics-and-workbooks/

 Malware found in npm package with millions of weekly downloads - https://therecord.media/malware-found-in-npm-package-with-millions-of-weekly-downloads/

 Discourse SNS webhook RCE - https://0day.click/recipe/discourse-sns-rce/

Grype - https://github.com/anchore/grype

 AWS Lambda - IAM Access Key Disabler - https://github.com/te-papa/aws-key-disabler

 KubExplorer - https://github.com/Pscheidl/kubexplorer

 Failed logon attempts originating from public IP addresses - https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Failed%20Logon%20-%20Public%20IP.md

 RBAC Tool For Kubernetes - https://github.com/alcideio/rbac-tool

 VirusTotal Behavior with Microsoft Sysmon Detonation - https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/VirusTotal%20File%20Behavior%20Explorer%20-%20MS%20and%20Sysmon%20detonation.ipynb

That’s all for this episode. Thank you for listening and have a secure day!

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Automating the deployment of Sysmon for Linux and Azure Sentinel in a lab environment - https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054

 The @fwdcloudsec 2021 talk videos are now up on YouTube - https://www.youtube.com/playlist?list=PLCPCP1pNWD7Ofg8prNuVasGIwkKB3Ejhw

 Kubernetes Security Notebooks - https://github.com/thomasfricke/training-kubernetes-security

 H4ck1ng Kubern3tes Book - https://hacking-kubernetes.info/

 Kubernetes Security Checklist and Requirements - https://github.com/Vinum-Security/kubernetes-security-checklist

 5 common Kubernetes misconfigs and how to fix them - https://bridgecrew.io/blog/5-common-kubernetes-misconfigs-and-how-to-fix-them/

 Bypassing required reviews using GitHub Actions - https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7

 AWS WAF's Dangerous Defaults - https://osamaelnaggar.com/blog/aws_waf_dangerous_defaults/

 CREATING A MALICIOUS AZURE AD OAUTH2 APPLICATION - https://www.trustedsec.com/blog/creating-a-malicious-azure-ad-oauth2-application/

 Building an end-to-end Kubernetes-based DevSecOps software factory on AWS - https://aws.amazon.com/blogs/devops/building-an-end-to-end-kubernetes-based-devsecops-software-factory-on-aws/

 Implementation of DevSecOps for a Microservices-based Application with Service Mesh - https://csrc.nist.gov/publications/detail/sp/800-204c/draft

 TwitchLeak from AWS Security Consultant view- https://twitter.com/zoph/status/1446474797693628424

 The Threat of Ransomware to S3 Buckets - https://ermetic.com/blog/aws/new-research-the-urgent-threat-of-ransomware-to-s3-buckets/

 Centralised audit logs in GCP in a secure environment with VPC Service Controls - https://medium.com/google-cloud/centralised-audit-logs-in-gcp-in-a-secure-environment-with-vpc-service-controls-5a25cd00441

 Azure Privilege Escalation via Service Principal Abuse - https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5

 Designing Least Privilege AWS IAM Policies for People - https://www.iampulse.com/t/designing-least-privilege-aws-iam-policies-for-people

 Remotely Access your Kubernetes Lab with Cloudflare Tunnel - https://www.marcolancini.it/2021/blog-kubernetes-lab-cloudflare-tunnel/

 Hacking AWS end-to-end – remastered - https://www.youtube.com/watch?v=8ZXRw4Ry3mQ

 Use Kubescape to check if your Kubernetes clusters are exposed to the latest K8s Symlink vulnerability (CVE-2021-25741) - https://www.armosec.io/blog/kubescape-checks-if-kubernetes-exposed-to-k8s-symlink-vulnerability-cve202125741

KQL query to detect HandleKatz - https://bluepurple.substack.com/p/bluepurple-pulse-week-ending-october-517

 Snowcat - https://github.com/praetorian-inc/snowcat

 Minik8s-ctf - https://github.com/quarkslab/minik8s-ctf

And a good news before I end the podcast. The podcast has reached 215 downloads! Thanks everyone for listening!

That’s all for this episode. Thank you for listening and have a secure day!

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

kdigger: a Context Discovery Tool for Kubernetes - https://blog.quarkslab.com/kdigger-a-context-discovery-tool-for-kubernetes.html

Azure AD and Windows Hello: SSO to on-premise resources - https://katystech.blog/2021/10/azure-ad-and-windows-hello-sso-to-on-premise-resources/

CVE-2021-26420: REMOTE CODE EXECUTION IN SHAREPOINT VIA WORKFLOW COMPILATION - https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation

Understanding Azure Logs from a security perspective — Part 2 — NSG Flow Logs - https://davidokeyode.medium.com/understanding-azure-logs-from-a-security-perspective-part-2-nsg-flow-logs-3edc5c42f39a

4 Weird Google VRP Bugs in 40 Minutes - Hacktivity 2021 - https://www.youtube.com/watch?v=nP_y-Z-FXr0

AWS Backup adds an additional layer for backup protection with the availability of AWS Backup Vault Lock - https://aws.amazon.com/about-aws/whats-new/2021/10/aws-backup-backup-protection-aws-backup-vault-lock/

Time to Move Off Exchange Online DLP Policies - https://practical365.com/time-migrate-exchange-dlp-policies/

Common Conditional Access policies - https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common

How to use Azure Monitor workbooks for Azure Active Directory reports - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks

Microsoft MFA Adoption Numbers - https://twitter.com/ryanaraine/status/1446182370336403456

Drift detection tools: Terraform vs CloudFormation vs Bridgecrew - https://bridgecrew.io/blog/drift-detection-tools-terraform-vs-cloudformation-vs-bridgecrew/

$5000 Google IDOR Vulnerability Writeup - https://infosecwriteups.com/5000-google-idor-vulnerability-writeup-c7b45926abe9

A Closer Look at NSA/CISA Kubernetes Hardening Guidance - https://kubernetes.io/blog/2021/10/05/nsa-cisa-kubernetes-hardening-guidance/

Engineering Teams Are Just Networks - https://bellmar.medium.com/engineering-teams-are-just-networks-1fc16058879a

Reverse engineering and decrypting CyberArk vault credential files - https://jellevergeer.com/reverse-engineering-and-decrypting-cyberark-vault-credential-files/

Serverless Policy Enforcement: Connecting OPA and AWS Lambda - https://blog.openpolicyagent.org/serverless-policy-enforcement-connecting-opa-and-aws-lambda-e624f7176a3

Protect Your GitHub Actions with Semgrep - https://r2c.dev/blog/2021/protect-your-github-actions-with-semgrep/

Org Policies by default - https://medium.com/google-cloud/org-policies-by-default-3adc0c8925b0

Encryption with Transit Data Keys - https://medium.com/hashicorp-engineering/encryption-with-transit-data-keys-bfe5241ae194

CFN-diagram - https://github.com/mhlabs/cfn-diagram

CLI tool to visualise CloudFormation/SAM/CDK templates as diagrams.

That’s all for this episode. Thank you for listening and have a secure day!

Cloud Security Podcast – S01E05

URLs Only

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Introducing the Ransomware Risk Management on AWS Whitepaper - https://aws.amazon.com/blogs/security/introducing-the-ransomware-risk-management-on-aws-whitepaper/

Configuring RBAC in Kubernetes - https://kubelist.com/issue/142/

Breaking Azure AD joined endpoints in zero-trust environments - https://www.youtube.com/watch?v=OigKnI68Sfo

Detect Audit Policy Modifications with Microsoft 365 Defender - https://www.verboon.info/2021/09/detect-audit-policy-modifications-with-microsoft-365-defender/

Verify Container Image Signatures in Kubernetes using Notary or Cosign or both - https://medium.com/sse-blog/verify-container-image-signatures-in-kubernetes-using-notary-or-cosign-or-both-c25d9e79ec45

Configuring Office 365 settings using PowerShell – The non-supported way - https://evotec.xyz/configuring-office-365-settings-using-powershell-the-non-supported-way/, https://github.com/EvotecIT/O365Essentials

Can’t Contain Poop — Container Security CTF - https://medium.com/@pookiebear/cant-contain-poop-container-security-ctf-e0c2be4b106e

Undetected Azure Active Directory Brute-Force Attacks - https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks

Attacks on Azure AD and M365: Pawning the cloud, PTA Skeleton Keys and more - PART II - https://www.inversecos.com/2021/10/attacks-on-azure-ad-and-m365-pawning.html

The Trystero Project - https://labs.inquest.net/trystero

Integrate Azure AD logs with Azure Monitor logs - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics

How To Build Strong Security Guardrails in the AWS Cloud With Minimal Effort - https://markn.ca/2021/how-to-build-strong-security-guardrails-in-the-aws-cloud-with-minimal-effort/

Validate IAM policies in CloudFormation templates using IAM Access Analyzer - https://aws.amazon.com/blogs/security/validate-iam-policies-in-cloudformation-templates-using-iam-access-analyzer/

Cloud Audit Academy - https://www.aws.training/Details/eLearning?id=41556

Azure Service Authentication and Authorization table - https://github.com/jsa2/aad-auth-n-z/blob/main/readme.md

Practicing AWS security with IAMVulnerable - Part 2 and 3 - https://s3cur3.it/home/practicing-aws-security-with-iamvulnerable-part-2, https://s3cur3.it/home/practicing-aws-security-with-iamvulnerable-part-3

Automated Cloud Advisor - https://disneystreaming.github.io/automated-cloud-advisor/docs/start.html

Azure AD - Allow or block invitations to B2B users - https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Azure%20AD%20-%20B2B%20policy%20changes%20-%20AllowedDomains.md

Azure AD Logon Brute-Force Tools- https://github.com/knavesec/CredMaster/blob/master/plugins/azuresso/azuresso.py, https://github.com/treebuilder/aad-sso-enum-brute-spray/blob/14b2bb72fd1238552c417e22f9e799b07d33fc35/aad-sso-enum-brute-spray.ps1, https://github.com/nyxgeek/AzureAD_Autologon_Brute

Rover - https://github.com/im2nguyen/rover

That’s all for this episode. Thank you for listening and have a secure day!

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Basic Authentication for All Exchange Online Tenants Stops in October 2022 - https://office365itpros.com/2021/09/24/basic-authentication-exchange-online-tenants-stops-october-2022/

AWS WorkSpaces Remote Code Execution - https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/

Revisiting Lambda Persistence - https://frichetten.com/blog/revisiting_lambda_persistence/

The Fault in Our Stars: Security Implications of AWS API Gateway Lambda Authorizers and IAM Wildcard Expansion - https://www.tenchisecurity.com/blog/thefaultinourstars

Announcing the winners of the 2020 GCP VRP Prize - https://security.googleblog.com/2021/03/announcing-winners-of-2020-gcp-vrp-prize.html

Common AWS Security Vulnerabilities - https://twitter.com/devansh3008/status/1441071846011465731

How AWS dumps the mental burden of inconsistent APIs on developers - https://www.lastweekinaws.com/blog/how-aws-dumps-the-mental-burden-of-inconsistent-apis-on-developers/

VMware CVE-2021-22005 Technical & Impact analysis - https://censys.io/blog/vmware-cve-2021-22005-technical-impact-analysis/, https://gist.github.com/testanull/c2f6fd061c496ea90ddee151d6738d2e, https://testbnull.medium.com/quick-note-of-vcenter-rce-cve-2021-22005-4337d5a817ee

AWS Economic Investment Study - #AWS Investment in New Zealand - https://twitter.com/jeffbarr/status/1441069455316897795, https://anz-resources.awscloud.com/new-aws-region-in-aotearoa-new-zealand/aws-investment-in-new-zealand-aws-economic-impact-study

Amazon Detective supports S3 and DNS finding types, adds finding details - https://aws.amazon.com/about-aws/whats-new/2021/09/amazon-detective-s3-dns/

Stream Azure AD Identity Protection events to Azure Sentinel/ Log Analytics - https://jeffreyappel.nl/stream-azure-ad-identity-protection-events-to-azure-sentinel-log-analytics/

IAM roles for Kubernetes service accounts - deep dive - https://mjarosie.github.io/dev/2021/09/15/iam-roles-for-kubernetes-service-accounts-deep-dive.html

Deploy multi-cloud, Zero Trust Kubernetes in less than an hour - https://netfoundry.io/multi-cloud-kubernetes-zero-trust/

Secure containerized environments with updated threat matrix for Kubernetes - https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/

Extracting all the Azure Passwords - Karl Fosaaen (DEF CON 29 - Cloud Village) - https://www.youtube.com/watch?v=CUTwkuiRgqg

DEF CON 29 Cloud Village - Felipe Pr0teus - Hunting for AWS Exposed Resources - https://www.youtube.com/watch?v=uLI24keCKFs

Azure Sentinel Notebooks Ninja series released - https://twitter.com/rodtrent/status/1439964596299870213

September 2021 update for Microsoft 365 Security for IT Pros - https://twitter.com/vanhybrid/status/1440017512142364675

Auditing used Power Automate Connections - https://365bythijs.be/2021/09/20/auditing-used-power-automate-connections/

Azure AD Conditional Access Policy Design Baseline with Automatic Deployment Support - https://danielchronlund.com/2020/11/26/azure-ad-conditional-access-policy-design-baseline-with-automatic-deployment-support/

Gitoops - https://github.com/ovotech/gitoops/

That’s all for this episode. Thank you for listening and have a secure day!

Intro

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution - https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution; https://github.com/horizon3ai/CVE-2021-38647

Office365 Attacks: Bypassing MFA, Achieving Persistence and More - https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html

PUBLIC SHAREPOINT SITES – THE NEW OPEN SHARES - https://zolder.io/public-sharepoint-sites-the-new-open-shares/

Rory Kubernetes Security - https://www.youtube.com/watch?v=3ulsQzRHoLk&t=15573s

Azure Sentinel – Detect Service Connection use outside of pipeline - https://securecloud.blog/2021/09/15/azure-sentinel-detect-service-connection-use-outside-of-pipeline/

Fwdsec Security Guardrails at Scale in Azure - https://www.youtube.com/watch?v=JtiLnIUmUic&t=9632s

Disaster recovery compliance in the cloud, part 2: A structured approach - https://aws.amazon.com/blogs/security/disaster-recovery-compliance-in-the-cloud-part-2-a-structured-approach/

The passwordless future is here for your Microsoft account - https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/; https://twitter.com/FallonTonight/status/1438880436185305088

Hunters Research: Detecting Obfuscated Attacker IPs in AWS - https://www.hunters.ai/blog/hunters-research-detecting-obfuscated-attacker-ip-in-aws

A Kubernetes engineer’s guide to mTLS - https://buoyant.io/mtls-guide/

AWS federation comes to GitHub Actions - https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html

Escalating Azure Privileges with the Log Analytics Contributor Role - https://www.netspi.com/blog/technical/cloud-penetration-testing/escalating-azure-privileges-with-the-log-analystics-contributor-role/

Protect your remote workforce by using a managed DNS firewall and network firewall - https://aws.amazon.com/blogs/security/protect-your-remote-workforce-by-using-a-managed-dns-firewall-and-network-firewall/

Discover sensitive Key Vault operations with Azure Sentinel - https://zimmergren.net/sensitive-key-vault-operations-with-azure-sentinel/

Policy as Code: the future is bright - https://cybercto.substack.com/p/policy-as-code-the-future-is-bright

Penetration Testing Azure for Ethical Hackers - https://twitter.com/NetSPI/status/1438564622425014274

Anatomy of a Cloud Infrastructure Attack via a Pull Request - https://goteleport.com/blog/hack-via-pull-request/

THE MAGNIFICENT ASR RULES - https://call4cloud.nl/2020/07/the-magnificent-asr-rules/#part4

HTB Sink - https://0xdf.gitlab.io/2021/09/18/htb-sink.html

Travis CI Security Bulletin - https://twitter.com/peter_szilagyi/status/1437646118700175360

oidc-auth-google-cloud - https://github.com/sethvargo/oidc-auth-google-cloud

Go365 - https://github.com/optiv/Go365

AzureHunter - https://github.com/darkquasar/AzureHunter

That’s all for this episode. Thank you for listening and have a secure day!

Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

I Analysed 100+ Cloud Job Descriptions: Here's What I Discovered - https://www.youtube.com/watch?v=IjYo-LS6lVY

IAM Vulnerable - An AWS IAM Privilege Escalation Playground - https://labs.bishopfox.com/tech-blog/iam-vulnerable-an-aws-iam-privilege-escalation-playground

GODFATHER OF LOGGING - https://call4cloud.nl/2021/09/godfather-of-logging/

THE CONDITIONAL ACCESS EXPERIMENT - https://call4cloud.nl/2020/11/the-conditional-access-experiment/

THE DEATH OF COMPLIANCE - https://call4cloud.nl/2021/08/the-death-of-compliance/

RCE in Jira Service Management Server - https://github.com/PetrusViet/CVE-2021-39115

Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances - https://unit42.paloaltonetworks.com/azure-container-instances/ ; https://davidokeyode.medium.com/09-09new-azure-container-instance-vulnerability-what-to-do-188502d9ca29

Require Device Compliance for the non-primary user - https://365bythijs.be/2021/09/08/require-device-compliance-for-the-non-primary-user/

gcpHound : A Swiss Army Knife Offensive Toolkit for Google Cloud Platform (GCP) - https://desi-jarvis.medium.com/gcphound-a-swiss-army-knife-offensive-toolkit-for-google-cloud-platform-gcp-fb9e18b959b4

Accessing AZ CLI remotely via NodeJS express app - https://securecloud.blog/2021/09/07/demo-accessing-az-cli-remotely-via-nodejs-express-app/

An exciting journey to find SSRF, Bypass Cloudflare, and extract AWS metadata! - https://infosecwriteups.com/an-exciting-journey-to-find-ssrf-bypass-cloudflare-and-extract-aws-metadata-fdb8be0b5f79

How to Inject Secrets from AWS, GCP, or Vault Into a Kubernetes Pod - https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892

Automate Your Security in GCP with Serverless Computing - https://www.youtube.com/watch?v=jCQTeglIfeI

Azure Defenses for Ransomware Attack - https://azure.microsoft.com/en-us/resources/azure-defenses-for-ransomware-attack/

Cloud-Native Attacks on Availability: How Ransomware Can Follow You to the Cloud - https://www.brighttalk.com/webcast/10415/502092

Swimming past 2FA, part 2: How to investigate Okta compromise - https://expel.io/blog/swimming-past-2fa-part-2-investigate-okta-compromise/

Bypassing GCP Org Policy with Custom Metadata - https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html

• AWSXenos - https://github.com/AirWalk-Digital/AWSXenos
• IAM Vulnerable - https://github.com/BishopFox/iam-vulnerable
• Azure Outlook C2 - https://github.com/boku7/azureOutlookC2
• Outside Office Hours activity - https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Sign-in%20-%20Auditlog%20outside%20office%20hours.md
• OPENCSM - https://github.com/OpenCSPM/opencspm
• Magpie - https://github.com/openraven/magpie
• Cloudsploit - https://github.com/aquasecurity/cloudsploit
• Cloud Custodian - https://github.com/cloud-custodian/cloud-custodian
• Principal Mapper - https://github.com/nccgroup/PMapper
• SHAREPOINT PERMISSION AUDITING - https://www.lieben.nu/liebensraum/2021/09/sharepoint-permission-auditing/

That’s all for this episode. Thank you for listening and have a secure day!