*?*?‍?*? *Attack Paths Into VMs in the Cloud

Virtual machines (VMs) are a significant attack target. Focusing on three major CSPs, this research summarizes the conditions for possible VM attack paths.

https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/

#aws #azure #gcp

*? *Publicly Exposed AWS SSM Command Documents
An analysis of the thousands of public SSM Command documents, including identification of secret leakage.https://ramimac.me/ssm-command-docs
#aws

*? AWS OIDC Provider Enumeration*A post expanding on Nick Frichette's discovery of enumerable OIDC providers in AWS using the known_aws_accounts dataset.https://ramimac.me/oidc-provider-enum
#aws

*? Integrate Kubernetes policy-as-code solutions into Security Hub*

A solution to send policy violations from PaC solutions using Kubernetes policy report format (for example, using Kyverno) or from Gatekeeper's constraints status directly to AWS Security Hub.

https://aws.amazon.com/ru/blogs/security/integrate-kubernetes-policy-as-code-solutions-into-security-hub/

(Use VPN to open from Russia)
#aws

*?‍? *New Microsoft guidance for the DoD Zero Trust Strategy
A Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy.

https://www.microsoft.com/en-us/security/blog/2024/04/16/new-microsoft-guidance-for-the-dod-zero-trust-strategy/

#azure

*? S3 Bucket Encryption Doesn't Work The Way You Think It Works*
Let's try all the different S3 encryption options, see why it's more like access control than encryption, and why that matters.

https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/

#aws

*? *Detecting and remediating inactive user accounts with Amazon Cognito

A solution that uses serverless technologies to track and disable inactive user accounts.

https://aws.amazon.com/ru/blogs/security/detecting-and-remediating-inactive-user-accounts-with-amazon-cognito/

#aws

*? *Muddled Libra's Evolution to the Cloud

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments.

https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/

#aws

*? (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup*

The author reviews infrastructure decisions over four years at a startup, covering successful choices and regrets, emphasizing AWS, EKS, managed services, automation, and the value of early adoption and GitOps.

https://cep.dev/posts/every-infrastructure-decision-i-endorse-or-regret-after-4-years-running-infrastructure-at-a-startup/

#aws