• [tl;dr sec] #169 - Top 10 Web Hacking Techniques of 2022, Finding Malicious Dependencies
• AWS Notification Message
• AWS completes CCAG 2022 pooled audit by European FSI customers
• AWS now licensed by DESC to operate as a Tier 1 cloud service provider in the Middle East (UAE) Region
• AWS Security Profile: Jana Kay, Cloud Security Strategist
• How to visualize IAM Access Analyzer policy validation findings with QuickSight
• kms: 1 new condition
• amplify: 1 new resource | 3 updated actions
• frauddetector: 5 new actions, 1 new resource
• 📖 @Burp_Suite Certified Practitioner Exam Study Notes (github.com/botesjuan/Burp…)
• hackingthe.cloud has hit 1,000 stars on GitHub
• 🗄️ Secrets Patterns Database by @mazen160: over 1,600 regexes for detecting secrets, passwords, API keys, tokens, and more (github.com/mazen160/secre…)
• awsiamguide.com is almost out of draft status; v1.0 should be ready this coming week
• An SCP blocking s3:ListAllMyBuckets from the CLI, to teach people to use `aws sts get-caller-identity` instead
• The AWS CIRT's advocacy for MFA Delete: "Spreading the disease and selling the cure"
• Sending early access/beta testing emails for a first product release
• Proud sponsor of HackCon
• What MTU can you use to connect to S3 via a VPC endpoint?
• Shutting down a 10 year old server that hosted legacy (mostly PHP) work
• RingCentral Dials In Strategic Partnerships With AWS And Avaya - Forbes
• S3 Bucket Security Best Practices - Check Point Software
• AWS IP Ranges update for 2023-02-13 19:13:08
• AWS IP Ranges update for 2023-02-13 22:13:07


Monday, February 20, 2023

📣 Sponsor

Achieve least privilege with just-in-time access and intelligent approvals.

Sym streamlines just-in-time access so your developers can move quickly while your security team avoids overload.

Integrate directly with AWS IAM Identity Center or your IdP and use Sym's SDK to customize access workflows to meet your specific security and compliance needs.

Try Sym for free today!

🐿 In a nutshell

A few days ago, I had the opportunity to chat with Andreas.

Before we jump into the latest episode of the AWS Toolkit series by 🧑‍🚀cloudonaut, I would like to apologize for the subpar quality of my video and audio.

Regarding the audio specifically, I assure you that I am not using a potato 🥔 for a microphone.

All kidding aside, if you are interested in optimizing your AWS costs and learning more about detecting waste on #AWS, I highly recommend checking out 💸 unusd.cloud (my SaaS product) and the AWS Toolkit series by cloudonaut.

Happy learning!

📊 Poll of the week

Q: The decision was made to place database hosts in their own VPC, and to set up VPC peering to different VPCs containing the application and web tiers. The application servers are unable to connect to the database. Which network troubleshooting steps should be taken to resolve the issue?

🗳Answer here

Last week's poll:

Q: An application team is designing a solution with two applications. The security team wants the applications' logs to be captured in two different places, because one of the applications produces logs with sensitive data. What solution meets the requirement with the LEAST risk and effort?

Answer: B (23/26 votes) 🎉

AWS completes CCAG 2022 pooled audit by European FSI customers
Manuel Mazarredo · Feb 17
We are excited to announce that Amazon Web Services (AWS) has completed its annual Collaborative Cloud Audit Group (CCAG) Cloud Community audit with European financial service institutions (FSIs). Security at AWS is the highest priority. As customers embrace the scalability and flexibility of AWS, we are helping them evolve security, …
AWS now licensed by DESC to operate as a Tier 1 cloud service provider in the Middle East (UAE) Region
Ioana Mecu · Feb 15
We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that our Middle East (UAE) Region is now certified by the Dubai Electronic Security Centre (DESC) to operate as a Tier 1 cloud service provider (CSP). This alignment with DESC …
AWS Security Profile: Jana Kay, Cloud Security Strategist
Roger Park · Feb 14
In the AWS Security Profile series, we interview Amazon Web Services (AWS) thought leaders who help keep our customers safe and secure. This interview features Jana Kay, Cloud Security Strategist. Jana shares her unique career journey, insights on the Security and Resiliency of the Cloud Tabletop Exercise (TTX) program, thoughts …
How to visualize IAM Access Analyzer policy validation findings with QuickSight
Mostefa Brougui · Feb 13
In this blog post, we show you how to create an Amazon QuickSight dashboard to visualize the policy validation findings from AWS Identity and Access Management (IAM) Access Analyzer. You can use this dashboard to better understand your policies and how to achieve least privilege by periodically validating your IAM …
kms: 1 new condition
Feb 18
1 new condition: kms:RecipientAttestation:PCR (Filters access to the Decrypt, GenerateDataKey, and GenerateRandom operations based on the platform configuration registers (PCRs) in the attestation document in the request)
amplify: 1 new resource | 3 updated actions
Feb 18
1 new resource: webhooks; 3 updated actions: DeleteWebHook (resources), GetWebHook (resources), UpdateWebHook (resources)
frauddetector: 5 new actions, 1 new resource
Feb 18
5 new actions: CreateList (Grants permission to create a list), DeleteList (Grants permission to delete a list), GetListElements (Grants permission to get elements of a list), GetListsMetadata (Grants permission to get metadata about lists), UpdateList (Grants permission to update a list); 1 new resource: list
Clint Gibler @clintgibler

📖 @Burp_Suite Certified Practitioner Exam Study Notes

Covering:
* Gaining a foothold
* Privilege escalation
* Data exfiltration

+ more

#bugbounty #bugbountytips

github.com/botesjuan/Burp…

75 · Feb 15 · 7:00 PM
Nick Frichette - @frichetten@fosstodon.org @Frichette_n

Incredible news! hackingthe.cloud has hit 1,000 stars on GitHub! I really appreciate the community support and all of the amazing contributors!

49 · Feb 14 · 9:46 PM
Clint Gibler @clintgibler

🗄️ Secrets Patterns Database

Over 1,600 regexes for detecting secrets, passwords, API keys, tokens, and more.

By @mazen160 #bugbounty #bugbountytips

github.com/mazen160/secre…

54 · Feb 13 · 5:00 PM
rowan @elrowan

I’ve been really bad at publicising this, but awsiamguide.com is almost out of draft status! v1.0 should be ready this coming week 🤞

Editing and marketing are not my strongest skills... 😅

12 · Feb 18 · 3:31 AM
Ben Kehoe @ben11kehoe

Tempted to add an SCP blocking s3:ListAllMyBuckets when the user agent is the CLI just to teach people to use `aws sts get-caller-identity` instead (it has no IAM action so it always works)

Massimo Re Ferrè (@mreferre@awscommunity.social) @mreferre

‘aws s3 ls’ only exists to check if you have valid credentials.

7 · Feb 16 · 1:29 AM
Scott Piper @0xdabbad00

The AWS CIRT's advocacy for MFA Delete is an example of "Spreading the disease and selling the cure." Using that feature will result in breaches because it requires the root user, access keys, IAM users, and TOTP MFA. There are better solutions. AWS should remove that guidance.

AWS Blog Unofficial. @AWSBlogUnreal

The AWS Security, Identity & Compliance Blog #AWSSecurity
aws.amazon.com/blogs/security…
By: Megan O'Neil, Kyle Dickinson and Karthik Ram

7 · Feb 14 · 4:31 PM
Kinnaird McQuade 💻☁️💥 @kmcquade3

Me sending early access/beta testing emails for our first product release today 😅

0 · Feb 16 · 8:31 AM
Aidan W Steele @__steele

What MTU can you use to connect to S3 via a VPC endpoint? Does it depend on the type of VPC endpoint? I can see that PrivateLink is limited to 8500, so can you use that with an interface endpoint for S3? Can a gateway endpoint use an MTU of 9001?

4 · Feb 18 · 5:46 AM
Ian Mckay @iann0036

Shutting down a 10 year old server that hosted a bunch of my legacy (mostly PHP) work. So long, old friend.

0 · Feb 20 · 12:02 PM
AWS IP Ranges update for 2023-02-13 19:13:08
Changed by 0

Added 172.103.41.0/24
Removed 3.4.9.0/24
AWS IP Ranges update for 2023-02-13 22:13:07
Changed by -256

Removed 172.103.41.0/24
  • 🖊️ Don't miss out on the latest industry insights - stay ahead of the game by subscribing
  • 📢 Gain visibility for your brand by sponsoring our content
  • 💌 If you have any suggestions for future topics, let us know