• SRE Weekly Issue #304
• 📖 [The CloudSecList] Issue 119
• [tl;dr sec] #114 - Web Security, Detecting Container Drift
• Announcing AWS CloudTrail Lake, a managed audit and security lake
• We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one
• Vulnerability in log4j 2.17.0 more hype than substance | LunaSec
• AWS Security Best Practices Summit - Virtualization Review
• SEGA's Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More - Threatpost
Monday, January 10, 2022

📢 MAMIP (Monitor AWS Managed IAM Policies)

Policies changed since last week:

Get notified of policy changes using this Twitter bot. 🐦

🆕 MASE - Monitor AWS Services and Regional Endpoints on Twitter

AWS AppSync - 9 updated methods
Jan 6
AppSync: AWS AppSync now supports configurable batching sizes for AWS Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
Amazon Elastic Compute Cloud - 11 updated methods
Jan 6
This release introduces On-Demand Capacity Reservation support for Cluster Placement Groups, adds Tags on instance Metadata, and includes documentation updates for Amazon EC2.
Amazon Elasticsearch Service - 6 updated methods
Jan 6
Amazon OpenSearch Service adds support for Fine Grained Access Control for existing domains running Elasticsearch version 6.7 and above
AWS IoT Wireless - 2 new methods
Jan 6
The Downlink Queue Management feature provides APIs for customers to manage the queued messages destined for devices in AWS IoT Core for LoRaWAN. Customers can view, delete, or purge the queued message(s). It allows customers to preempt the queued messages and let more urgent messages go through.
Using AWS security services to protect against, detect, and respond to the Log4j vulnerability
Marshall Jones, Jan 8
January 7, 2022: The blog post has been updated to include using Network ACL rules to block potential log4j-related outbound traffic. January 4, 2022: The blog post has been updated to suggest using WAF rules when correct HTTP Host Header FQDN value is not provided in the request. December 31, …
Disabling Security Hub controls in a multi-account environment
Priyank Ghedia, Jan 6
In this blog post, you’ll learn about an automated process for disabling or enabling selected AWS Security Hub controls across multiple accounts and multiple regions. You may already know how to disable Security Hub controls through the Security Hub console, or using the Security Hub update-standards-control API. However, these methods …
AWS re:Invent 2021 security track recap
Marta Taggart, Jan 6
Another AWS re:Invent is in the books! We were so pleased to be able to host live in Las Vegas again this year. And we were also thrilled to be able to host a large virtual audience. If you weren’t able to participate live, you can now view some of …
Automatically resolve Security Hub findings for resources that no longer exist
Kris Normand, Jan 4
In this post, you’ll learn how to automatically resolve AWS Security Hub findings for previously deleted Amazon Web Services (AWS) resources. By using an event-driven solution, you can automatically resolve findings for AWS and third-party service integrations. Security Hub provides a comprehensive view of your security alerts and security posture …
pi: 3 new actions
Jan 8
3 new actions: GetResourceMetadata (call getresourcemetadata api to retrieve the metadata for different features), ListAvailableResourceDimensions (call listavailableresourcedimensions api to retrieve the dimensions that can be queried for each specified metric type on a specified db instance), ListAvailableResourceMetrics (call listavailableresourcemetrics api to retrieve metrics of the specified types that can be …
iotwireless: 2 new actions
Jan 8
2 new actions: DeleteQueuedMessages (delete queued messages), ListQueuedMessages (list the queued messages)
elasticfilesystem: 3 new actions
Jan 8
3 new actions: CreateReplicationConfiguration (create a new replication configuration), DeleteReplicationConfiguration (delete a replication configuration), DescribeReplicationConfigurations (view the description of an amazon efs replication configuration specified by filesystemid; or to view the description of all replication configurations owned by the caller's aws account in the aws region of the endpoint that …
Aidan W Steele @__steele

What's the silliest use for 281 trillion IP addresses?

I made a thing that uses the new-ish AWS EC2 support for assigning IPv6 prefixes to EC2 instances. You can only connect to the instance when the IP ends in a TOTP 6 digit authenticator code. How/why:

github.com/aidansteele/ip…

Aidan W Steele @__steele

Imagine how much worse this could have been (and how long it would have gone undetected) if the change was siphoning AWS credentials instead of graffiti in the terminal.

Soenke Ruempler @s0enke

Looks like the AWS CDK is broken because of the dependency on colors.js, which has a totally hilarious bug: github.com/aws/aws-cdk/is…

It shows "LIBERTY LIBERTY LIBERTY".

Clint Gibler @clintgibler

🔭 Web Cache Vulnerability Scanner

A Go-based CLI tool for testing for web cache poisoning by @m10x_de

Supports 9 different web cache poisoning techniques

#bugbountytips #Pentesting

github.com/Hackmanit/Web-…

Victor Grenu @zoph

I've started to reference all mistakes made by AWS on IAM AWS Managed Policies on this "Hall of Fails" markdown file.

Feel free to issue PR and add your contribution. 👌🏼 github.com/z0ph/MAMIP/blo…

Scott Piper @0xdabbad00

Time to retire the bastions that use port knocking. The new trick is shuffling the IPv6 address based on a TOTP code. 😂 Finally TOTP support for any protocol.


Matt Fuller @matthewdfuller

Got tired of all those Reddit posts about hacked #AWS accounts and decided to write this guide for setting up an account and staying within the free tier. This one is a bit more oriented towards beginners, but hopefully useful! #CloudComputing
matthewdf10.medium.com/so-you-want-to…

Clint Gibler @clintgibler

"There is still SO MUCH CSRF to find in bounty programs." -@hakluke

His 🧵 with tips on how:
twitter.com/hakluke/status…

🛠️ XSRFProbe by @0xInfection
A CSRF audit and exploitation toolkit that can crawl sites and generate PoCs when a vuln is found

github.com/0xInfection/XS…

hakluke @hakluke

There is still SO MUCH CSRF to find in bounty programs.

CSRF comes in many forms. Try:

- Removing the token parameter entirely
- Setting the token to a blank string
- Changing the token to an invalid token of the same format
- Using a different user's token

More in thread 👇

Scott Piper @0xdabbad00

This is an interesting change. You shouldn't have anything sensitive on your tags, and if an attacker can access the metadata service you're having a bad day anyway.

What’s New on AWS @awswhatsnew

Instance Tags now available on the Amazon EC2 Instance Metadata Service

You can now access your instance's tags from the EC2 Instance Metadata Service. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, own... aws.amazon.com/about-aws/what…

Ian Mckay @iann0036

In retrospect, tabs wasn't the most scalable solution 😵

Brigid Johnson @bjohnso5y

One of my greatest 2021 accomplishments was quoting Eminem in an AWS doc. Just watched 8 mile again last night and it reminded me.

Thanks to all of the "My account was hacked!" posts here, I finally set up MFA on all of my accounts

Just wanted to post a thank-you for all the hard lessons learned by the community.

It was the final motivation I needed to set up MFA across all of my environments in all of my projects.

I've been delaying the setup for months. Thanks for the motivation!

Hopefully this serves as …

Multi-Cloud is NOT the solution to the next AWS outage.

My take on the recent "December" outages. I have seen too many articles talking about Multi-Cloud in the past month, while there is a lot that can be done in terms of disaster recovery before even considering Multi-cloud.

Article I wrote on the subject and alternative

Reduced S3 costs by 60% with S3 Glacier Instant Retrieval storage class

Our S3 storage was a bit unoptimized and with bucket analytics and lifecycle rules, we've managed to reduce the costs from $3400/month to $300/month.
The last piece of the puzzle was to switch from Standard IA to Glacier Instant Retrieval which enabled an additional reduction of 60% on top of …

How to spend $27k on EBS Volumes you never knew you had.

TL;DR: Forget to check the hidden "Delete on Termination" checkbox for the EBS volumes of your Launch Config that is attached to the ASG of the capacity provider of your ECS cluster. Good times.
A couple of months ago, we had some performance issues and determined it was best to …

What is the difference between endpoint security and cloud security?

Example: What is the difference between endpoint security of a Win10 laptop vs. a Win10 VM in a cloud?

We are essentially deploying the same AV solution on both of them, so what is the difference?

Any reading material, links, etc. would be appreciated.
