[tl;dr sec] #170 - Prototype Pollution, Fuzzing, SOC Metrics • How to use granular geographic match rules with AWS WAF • How to monitor and query IAM resources at scale – Part 2 • How to monitor and query IAM resources at scale – Part 1 • Top 2022 AWS data protection service and cryptography tool launches • internetmonitor: 4 updated actions, 2 updated resources • ecs: 1 new action | 1 updated action • resiliencehub: 13 new actions • fwd:cloudsec 2023 • How to monitor and query IAM resources at scale – Part 1 | Amazon Web Services • A role for all your EC2 instances • Create a Console Session from IAM Credentials - Hacking The Cloud • I published a blog post (and PoC CLI) describing how the new Systems Manager Default Host Management Configuration (what a mouthful) provides a new way to pass an IAM role to all EC2 instances in your account+region - even those without instance profiles. <a href="https://t.co/qwsZp4rMHV" target="_blank">awsteele.com/blog/2023/02/2…</a> • I am in constant awe of Aidan's ability to quickly jump onto a new feature, figure out how it works, develop a new tool that uses that, write a blog post, and in this case communicate findings to AWS security and create a diagram! This was 75 hours from announcement to all this! • It’s not S3 ransomware unless it comes from the global region of AWS. Otherwise, it’s just “sparkling bucket encryption events”. • 🗒️ <a href="https://twitter.com/owasp" target="_blank">@owasp</a> Kubernetes Top 10 Broken down into 3 categories in order of likelihood: 1️⃣ Misconfigurations 2️⃣ Lack of visibility 3️⃣ Vulnerability management Risks, mitigations, and lots of relevant tools By <a href="https://twitter.com/sysdig" target="_blank">@sysdig</a> <a href="https://t.co/Qx32pBwtLg" target="_blank">sysdig.com/blog/top-owasp…</a> • Managing IAM resources or building security solutions to monitor them. You will want to read these two blog posts on everything IAM APIs👇 • The latest in prototype pollution 🧵 <a href="https://twitter.com/hashtag/bugbounty" target="_blank">#bugbounty</a> <a href="https://twitter.com/hashtag/bugbountytips" target="_blank">#bugbountytips</a> • 🎫 Ticket date announcement! 🎫 fwd:cloudsec tickets will be on sale in two batches on Feb 27 11:59AM ET and Feb 27 11:59PM ET! No inflation here… tickets will continue to be $100 this year. <a href="https://t.co/lpX9z5lE5Z" target="_blank">eventbrite.com/e/556255303587/</a> • AWS APIs now have at least three methods (let me know which ones I'm missing!) of authentication by asymmetric crypto: 1. SigV4A uses the `Authorization` header with algorithm AWS4-ECDSA-P256-SHA256. The key is derived from the AWS access key. • I reimplemented aws-whoami in <a href="https://twitter.com/hashtag/golang" target="_blank">#golang</a> (from python), so it's a plain binary rather than needing a pip install. It's tidier than plain `aws sts get-caller-identity` (and additionally gets the account name!)—and of course miles better than `aws s3 ls` <a href="https://t.co/dWOY8z2VBI" target="_blank">github.com/benkehoe/aws-w…</a> • It's the same with code. Accepting that there's lots of text that needs to exist in your program but will be written by AI, is just categorically worse than evolving programming languages to allow more terse expression • EC2 naming explained • Amazon Athena quietly got a lot better — Engine version 3 • Amazon EKS now support Kubernetes version 1.25 • $300k bill after AWS account hacked! • AWS EC2 IMDS – What You Need to Know - Security Boulevard • The dangers of rogue and abandoned AWS accounts - Security Boulevard • AWS IP Ranges update for 2023-02-17 00:13:06 • AWS IP Ranges update for 2023-02-17 17:13:06