
June 24, 2024
🎤 fwd:cloudsec North America 2024 highlights
The best cloud security conference in the world has just wrapped up, and it was incredible. There’s nothing like it for practitioners who want to learn, mingle, and avoid the lustful gaze of salespeople. There’s a European version running for the first time in September. If it’s half as good, it will be worthwhile attending.
All the presentations are up on YouTube, but here are the AWS ones you can't afford to miss:
- Trust Me Bro: Preexisting Trust is the New Initial Access Vector - Nick Frichette
Nick details his journey identifying and reporting cross-tenant security issues in AppSync and Amplify. The vulnerabilities were cool, but what made this the talk of the conference was the thorough explanation of the findings end to end.
- Get into AWS security research as a n00bcake - Daniel Grzelak
Every cloud security practitioner could benefit from doing a little research and this talk will get you started. Ignore the silly cake costume, and focus on the flurry of practical tips to go from feeling like research is only for the elite to publishing your work in under a week.
- The EKS Hacking Playbook: Lessons From 3 Years of Cloud Security Research
Another presentation that uses real world vulnerabilities to teach general concepts, this time about EKS. It’s less about Kubernetes and more about what can go wrong in the way Kube plays with AWS.
- From Intrusion to Insight: Lessons learned from a month long AWS compromise - Korstiaan Stam
There’s a lot of posturing in cloud security about what “could” go wrong. This walkthrough of an actual incident is a welcome reality check on how attackers work in the real world.
- Open-Sourcing AWS Pentest Methodology - Lizzie Moratti
Lizzie has built an opinionated framework for security testing AWS environments. Now she needs our help to open source it and drive adoption. Reach out to her directly if you want to be involved.
📋 Chef's weekly selections
- Tales from the cloud trenches: Raiding for AWS vaults, buckets and secrets
Martin McCloskey takes us inside an attack campaign enumerating secrets, S3 buckets, and S3 Glacier vaults. Lots of tactics, techniques, and procedures (TTPs) in this one for those into detection and response.
- Rami McCarthy took the challenge to do AWS security research to heart and published some code to find which vendors have GitHub Actions OIDC configured.
- AWS’s head of security shares 7 reasons why security will always be Amazon’s top priority
This article focuses on how Amazon thinks about AI, innovation, and security culture. It reads a little as if it was written for SEO juice but there are some good nuggets in there for security leaders.
🥗 AWS security blog
🧁 IAM permission changes
- connect: 4 new actions, 1 new resource
- compute-optimizer: 3 new actions | 3 updated actions
- cloudshell: 1 new action, 3 new conditions | 1 updated action
- bedrock: 1 new action
- sagemaker-mlflow: 45 new actions, 1 new resource
- macie2: 2 new actions
- sagemaker: 8 new actions, 1 new resource | 3 updated actions
- servicediscovery: 1 updated action
- kms: 1 new action, 1 new condition
🍔 AWS API Changes
- Amazon Bedrock Runtime - 2 updated methods - This release adds document support to Converse and ConverseStream APIs
- CodeArtifact - 24 updated methods - Add support for the Cargo package format.
- AWS Compute Optimizer - 3 new, 6 updated methods - This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL.
- Cost Optimization Hub - 3 updated methods - This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL.
- Amazon Interactive Video Service RealTime - 5 updated methods - IVS Real-Time now offers customers the ability to record individual stage participants to S3.
- Amazon SageMaker Service - 2 new, 14 updated methods - Adds support for model references in Hub service, and adds support for cross-account access of Hubs
- AWS Artifact - 1 updated method - This release adds an acceptanceType field to the ReportSummary structure (used in the ListReports API response).
- Amazon OpenSearch Service - 7 updated methods - This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains.
- Amazon Bedrock Runtime - 2 updated methods - This release adds support for using Guardrails with the Converse and ConverseStream APIs.
- Amazon Elastic Kubernetes Service - 3 updated methods - This release adds support to surface async fargate customer errors from async path to customer through describe-fargate-profile API response.
- Amazon SageMaker Service - 8 new, 4 updated methods - Launched a new feature in SageMaker to provide managed MLflow Tracking Servers for customers to track ML experiments. This release also adds a new capability of attaching additional storage to SageMaker HyperPod cluster instances.
- AWS CodeBuild - 5 updated methods - AWS CodeBuild now supports global and organization GitHub webhooks
- AWS Glue - 5 new, 12 updated methods - This release introduces a new feature, Usage profiles. Usage profiles allow the AWS Glue admin to create different profiles for various classes of users within the account, enforcing limits and defaults for jobs and sessions.
- AWS Elemental MediaConvert - 8 updated methods - This release includes support for creating I-frame only video segments for DASH trick play.
🍹 Updated AWS Managed IAM Policies
Managed policies changed since last week: 9
☕︎ CloudFormation updates
No CloudFormation updates this week
🍪 Amazon Linux CVEs
No CVEs this week 🎉