Monday, July 5, 2021

AWS Firewall Manager is now available in the Asia Pacific (Osaka) Region

Jun 29
Starting today, AWS Firewall Manager is available in Asia Pacific (Osaka).

IAM Access Analyzer adds new policy checks to help validate conditions during IAM policy authoring

Jun 29
AWS Identity and Access Management (IAM) Access Analyzer makes it easier for customers to author secure and functional permissions by providing over 100 policy checks with actionable recommendations during policy authoring. Now, IAM Access Analyzer extended policy validation by adding new policy checks that validate conditions included in IAM policies. …

AWS WAF adds 15 new text transformations

Jun 28
AWS WAF now supports 15 additional text transformations, allowing you to reformat web requests to remove any unusual formatting, or sanitize input before rule evaluation. It can be used to identify threats that may be obscured by attackers in an effort to bypass detection. You can use these new text …

Amazon Elastic Compute Cloud - 12 updated methods

Jul 1
Adding a new reserved field to support future infrastructure improvements for Amazon EC2 Fleet.

Amazon SageMaker Service - 5 updated methods

Jul 1
SageMaker model registry now supports up to 5 containers and associated environment variables.

Auto Scaling - 3 updated methods

Jun 30
Amazon EC2 Auto Scaling infrastructure improvements and optimizations.

AWS Glue DataBrew - 6 updated methods

Jun 30
Adds support for the output of job results to the AWS Glue Data Catalog.

How to monitor and track failed logins for your AWS Managed Microsoft AD

Tekena Orugbani · Jul 2
AWS Directory Service for Microsoft Active Directory provides customers with the ability to review security logs on their AWS Managed Microsoft AD domain controllers by either using a domain management Amazon Elastic Compute Cloud (Amazon EC2) instance or by forwarding domain controller security event logs to Amazon CloudWatch Logs. You …

AWS achieves Spain’s ENS High certification across 149 services

Niyaz Noor · Jul 1
Gaining and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). We continually add more services to our ENS certification scope. This helps to assure public sector organizations in Spain that want to build secure applications and services on AWS that the expected ENS certification security standards …

How to integrate third-party IdP using developer authenticated identities

Andrew Lee · Jul 1
Amazon Cognito identity pools enable you to create and manage unique identifiers for your users and provide temporary, limited-privilege credentials to your application to access AWS resources. Currently, there are several out of the box external identity providers (IdPs) to integrate with Amazon Cognito identity pools, including Facebook, Google, and …

AWS Security Reference Architecture: A guide to designing with AWS security services

Avik Mukherjee · Jun 30
Amazon Web Services (AWS) is happy to announce the publication of the AWS Security Reference Architecture (AWS SRA). This is a comprehensive set of examples, guides, and design considerations that you can use to deploy the full complement of AWS security services in a multi-account environment that you manage through …

Additional IAM Access Analyzer policy checks

Jun 29
IAM Access Analyzer extended policy validation by adding new policy checks that validate conditions included in IAM policies. These checks analyze the condition block in your policy statement and report security warnings, errors, and suggestions along with actionable recommendations.
Ian Mckay @iann0036

You can now use @AWSCloudFormer to buy and sell US stock. Now you can reward yourself on a successful CloudFront deployment by buying some $GME within the same stack. 1/

29 · Jun 28 · 11:48 PM
rowan @elrowan

This is a nice visualisation of data transfer costs in AWS aws.amazon.com/blogs/architec… ...

25 · Jul 01 · 11:54 PM
Brigid Johnson @bjohnso5y

🐘Remember when Access Analyzer launched policy validation to help you author secure and functional policies? Today, we are rolling out seven more checks. 🐘(1/10)

27 · Jun 30 · 12:59 AM
Steven Bryen @steven_bryen

Excited to announce that as of Monday, I will be taking on a new role at AWS. I am pumped to start as Specialist SA for AWS Infinidash.

DM's are open if you're using or looking into Infinidash. I would love to help.

6 · Jul 02 · 3:45 PM
Kinnaird McQuade💥☁️ @kmcquade3

Life with ADHD: “I didn’t write it down, therefore I forgot”

9 · Jul 05 · 1:04 AM
Steven Bryen @steven_bryen

Coming soon - AWS re:Dash 🚀

The first technical conference dedicated to everything AWS Infinidash
#infinidash #comingsoon

10 · Jul 02 · 4:23 PM
Scott Piper @0xdabbad00

In 4 years, AWS has now released 4 ways to deal with managing the security of an organization from Landing Zones -> Control Tower -> Secure Environment Accelerator -> this which has the accompanying repo github.com/aws-samples/aw…

Jeff Barr ☁️ (@ 🏠 ) 💉 @jeffbarr

#AWS Prescriptive Guidance: The AWS Security Reference Architecture - docs.aws.amazon.com/prescriptive-g…

8 · Jun 29 · 9:21 PM
stephenschmidt @StephenSchmidt

Have you registered for #reInforce yet? This event will offer interactive educational content to help you modernize your security strategy as well as tools to stay ahead of the evolving security landscape. Register: aws.amazon.com/blogs/security…

14 · Jun 28 · 10:16 PM
rowan @elrowan

I ❤️ this lookup table for aws:username, aws:userid, and aws:PrincipalType values in AWS IAM conditions

HINT: Use aws:userid over aws:username, since username is only for IAM Users and you shouldn't be using them to access your AWS environment in 2021

11 · Jun 30 · 7:19 AM
