Security Newsletter - Europol takes down DarkMarket. Joker's Stash carding site stops. €10 million GDPR fine for video surveillance.

• Amazon Cognito Identity Pools enables using user attributes from identity providers for access control to simplify permissions management in AWS
• Best practices and advanced patterns for Lambda code signing
• How to approach threat modeling
• My 3rd annual "AWS Security Maturity Roadmap" is out! This is my guide for the steps to securely run on AWS. See what changed this year and download it at summitroute.com/blog/2021/01/1… (https://t.co/ziK34RG5vU)
• Table top exercise: an attacker has compromised the S3 bucket used to store CFN templates as part of your build process and is overwriting them with similar templates with an injected cross-account IAM admin role between the "upload" and "create-stack" steps. How do you detect?
• Haha! 🤣🤣 Thank you @shehackspurple, your newsletter made me laugh and put a smile on my face 👇
• The re:Invent talk by @JPoForenso "Instance containment techniques for effective incident response" highlights the most confusing IR concept on AWS, that Security Group changes may not work how you expect. See 16:52 virtual.awsevents.com/media/0_ony0og… (https://t.co/lOXjKXZ4I0)
• From a Slack team re: AWS GuardDuty Instance Credential Exfiltration. Context tl;dr: creds stolen from the EC2 IMDS _won't_ trigger this finding if they are used from another EC2 instance, even in a different AWS account. This gives me hope we should be seeing that change soon :D
• On Jan 21st we will be delivering a re:cap on everything #AWSreInvent 🔥 Come join me to recap on all the exciting launches and announcements! 🚀 bit.ly/38Ekr00 (https://t.co/quN0aVaykU)
• 🐋 How Netflix secures their containers using User Namespaces ("rootless containers"). Great overview of the problem space + a discussion of how their architecture has changed over time by @fabiokung @sargun @aspyker @heliousc6 @anwleung et al. netflixtechblog.com/evolving-conta… (https://t.co/7G0V0A83Pc)
• Recently #AWSSSO and now #AmazonCognito supports ABAC! Now you can use attributes from your social provider to determine permissions to access resources. More on ABAC: docs.aws.amazon.com/IAM/latest/Use… (https://t.co/uavWUc67t9)
• This will be useful next time a leader tells me to put on my "think big hat" ...a gift from my parents' basement. Maybe they will find an AWS service down there too?! 🤷
• If you don't think you're already in the cloud... have someone from finance go see if people have charged AWS to their corporate Amex cards. You'd be surprised. Also a great way to track down potential shadow IT. twitter.com/AccidentalCISO… (https://t.co/P4XMgie6Tm)
• Today is my first birthday during COVID times. For all that celebrated last year, any ideas on how to celebrate?
• wat
• A yearly post I look forward to reading top-to-bottom every year. Definitely worth a read if you're building or supporting anything in #AWS. #cloud #security
• Tell me you work in cloud security without telling me you work in cloud security ☁️ 💥
• @matthewdfuller Do I have to detect or just avoid compromise? If it's the latter, I have versioning enabled on the bucket and append ?versionId=xxx to the TemplateURL parameter.
• Cloud Security Engineer technical interview?
• CloudFormation now has more resource types than Terraform (664 CFN - 654 TF)
• Twitter taps AWS for its latest foray into the public cloud
• Amazon EC2 API now supports Internet Protocol Version 6 (IPv6)
• How to Enable Logging on Every AWS Service in Existence (Circa 2021)
• How AWS is helping to secure internet routing | Amazon Web Services
Hi everyone! I hope you're all doing well, keeping healthy and sane. We're going into our fifth week of school lockdown, being at home full time with a baby and …
Amazon Cognito Identity Pools now enables you to use attributes from social and corporate identity providers to make access control decisions and simplify permissions management to AWS resources.
Amazon Web Services (AWS) recently released Code Signing for AWS Lambda. By using this feature, you can help enforce the integrity of your code artifacts and make sure that only trusted developers can deploy code to your AWS Lambda functions. Today, let’s review a basic use case along with best …
In this post, I’ll provide my tips on how to integrate threat modeling into your organization’s application development lifecycle. There are many great guides on how to perform the procedural parts of threat modeling, and I’ll briefly touch on these and their methodologies. However, the main aim of this post …
New! #AmazonCognito Identity Pools now enables you to use attributes from social and corporate identity providers to simplify access control management and avoid constant updates to permissions. go.aws/35GXKGt
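One way to work the tabletop exercise above in code, covering both the "how do you detect?" question and the versioning reply. This is an added example, not code from any of the quoted tweets or from AWS. The log records are constructed and only loosely modelled on CloudTrail (an event name, the caller's ARN, a few request parameters); the field names, the bucket name, the CI role ARN and the attacker principal are all assumptions for the example. The logic flags three things: a write to the templates bucket by a principal that is not the build role, a CreateStack/UpdateStack whose TemplateURL is not pinned to a versionId (so CloudFormation reads whatever was written last), and a stack created from an object version that a non-trusted principal wrote.

```python
"""Detection sketch: CFN templates staged in S3 are overwritten between the CI
"upload" and "create-stack" steps.  Records are constructed, simplified log lines;
bucket and principal names are assumptions, not real infrastructure."""
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import urlparse, parse_qs

TEMPLATE_BUCKET = "example-cfn-templates"                                   # assumed
TRUSTED_WRITERS = {"arn:aws:sts::111122223333:assumed-role/ci-deploy/build"}  # assumed CI role


@dataclass
class Event:
    time: datetime
    name: str               # PutObject | CreateStack | UpdateStack
    principal: str          # caller ARN
    bucket: str = ""        # PutObject only
    key: str = ""           # PutObject only
    version_id: str = ""    # object version created by PutObject (versioned bucket)
    template_url: str = ""  # TemplateURL parameter of CreateStack/UpdateStack


def parse_template_url(url):
    """Return (bucket, key, versionId or None) from a virtual-hosted-style S3 URL,
    e.g. https://<bucket>.s3.<region>.amazonaws.com/<key>?versionId=<id>."""
    u = urlparse(url)
    bucket = u.netloc.split(".s3")[0]
    key = u.path.lstrip("/")
    version = parse_qs(u.query).get("versionId", [None])[0]
    return bucket, key, version


def detect(events):
    """Replay events in time order and return (code, key, detail) findings."""
    findings = []
    writes = {}  # (bucket, key) -> PutObject events, oldest first
    for e in sorted(events, key=lambda ev: ev.time):
        if e.name == "PutObject" and e.bucket == TEMPLATE_BUCKET:
            writes.setdefault((e.bucket, e.key), []).append(e)
            if e.principal not in TRUSTED_WRITERS:
                findings.append(("UNTRUSTED_WRITE", e.key, e.principal))
        elif e.name in ("CreateStack", "UpdateStack"):
            bucket, key, version = parse_template_url(e.template_url)
            history = writes.get((bucket, key), [])
            if version is None:
                # Unpinned URL: CloudFormation fetches the current version,
                # i.e. the most recent write, whoever made it.
                findings.append(("UNPINNED_TEMPLATE_URL", key, e.principal))
                used = history[-1] if history else None
            else:
                used = next((w for w in history if w.version_id == version), None)
            if used is None:
                findings.append(("UNKNOWN_TEMPLATE_VERSION", key, version))
            elif used.principal not in TRUSTED_WRITERS:
                findings.append(("STACK_FROM_UNTRUSTED_VERSION", key, used.version_id))
    return findings


# Constructed sample: CI uploads v1, an attacker overwrites the same key as v2,
# the pipeline runs create-stack unpinned, then a second stack pins ?versionId=v1.
CI = "arn:aws:sts::111122223333:assumed-role/ci-deploy/build"
ATTACKER = "arn:aws:iam::999988887777:user/mallory"            # assumed attacker principal
URL = "https://example-cfn-templates.s3.us-east-1.amazonaws.com/app.yaml"


def _t(seconds):
    return datetime.fromisoformat("2021-01-15T10:00:" + seconds)


SAMPLE_EVENTS = [
    Event(_t("00"), "PutObject", CI, TEMPLATE_BUCKET, "app.yaml", "v1"),
    Event(_t("05"), "PutObject", ATTACKER, TEMPLATE_BUCKET, "app.yaml", "v2"),
    Event(_t("10"), "CreateStack", CI, template_url=URL),
    Event(_t("12"), "CreateStack", CI, template_url=URL + "?versionId=v1"),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

The pinned CreateStack produces no finding, which is the point of the versioning reply: pinning the TemplateURL to the version the build step just wrote removes the race, and the detection then only has to confirm that the pinned version came from the build role. Two practical caveats: PutObject calls are S3 data events, so they only appear in CloudTrail if data-event logging is enabled for the bucket, and the role that CloudFormation uses to fetch a pinned template needs s3:GetObjectVersion, not just s3:GetObject.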