In this issue:
• SRE Weekly Issue #309
• 📖 [The CloudSecList] Issue 124
• [tl;dr sec] #119 - Picking the Right Terraform Security Tool, BloodHound for Cloud
• Release v4.0.0 · hashicorp/terraform-provider-aws
• Terraform AWS Provider 4.0
• A magical AWS serverless developer experience
• Best Practices for AWS Organizations Service Control Policies in a Multi-Account Environment
• Introducing AWS Virtual Waiting Room
• A simple tool to audit Linux system libraries to find public security vulnerabilities
• Top 10 web hacking techniques of 2021
• Best Buy Selects AWS as 'Preferred' Cloud provider - Datamation
• Why Create an EKS Creation Tool? - Security Boulevard
Monday, February 14, 2022

Scale AWS IAM security (📢 Sponsor)

Securing AWS IAM shouldn’t overload experts. Now you can scale AWS security out to delivery teams.

Eliminate excess IAM privileges with actionable IAM access reports and usable automation from k9 Security. Integrated with your favorite tools.

Built for Cloud teams doing continuous delivery.


📢 MAMIP (Monitor AWS Managed IAM Policies)

Policies changed since last week:


👉🏻 📃 MAMIP / 🤖 MASE / 👮🏻‍♂️ MGDA

AWS CloudFormation - 1 updated methods
Feb 10
This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes
Amazon Pinpoint - 4 updated methods
Feb 10
This SDK release adds a new parameter, creation date, to the GetApp and GetApps API calls
AWS WAFV2 - 3 new 8 updated methods
Feb 10
Adds support for AWS WAF Fraud Control account takeover prevention (ATP), with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile apps.
AWS CloudFormation - 1 new 15 updated methods
Feb 9
This SDK release is for the feature launch of AWS CloudFormation Hooks.
C5 Type 2 attestation report now available with 141 services in scope
Mercy Kanengoni, Feb 11
Amazon Web Services (AWS) is pleased to announce the issuance of the new Cloud Computing Compliance Controls Catalogue (C5) Type 2 attestation report. We added 18 additional services and service features to the scope of the 2021 report. Germany’s national cybersecurity authority, Bundesamt für Sicherheit in der Informationstechnik (BSI), established …
ds: 1 new action | 4 updated actions
Feb 14
1 new action: DescribeClientAuthenticationSettings (retrieve information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported); 4 updated actions: ConnectDirectory …
quicksight: 2 new actions
Feb 14
2 new actions: AccountConfigurations (to enable setting default access to AWS resources), ScopeDownPolicy (scoping policies for permissions to AWS resources)
cloudformation: 1 new action
Feb 14
1 new action: DescribeChangeSetHook (return the hook invocation information for the specified change set)
clintgibler
Clint Gibler @clintgibler

🔎 OAUTHScan

A @Burp_Suite extension useful when testing applications implementing OAUTHv2 and OpenID standards

Contains 10+ security checks for vulnerabilities and common misconfigurations

#bugbountytips #websecurity

github.com/akabe1/OAUTHSc…

kmcquade3
Kinnaird McQuade💥🌩 @kmcquade3

My girlfriend just passed her AWS Certified Solutions Architect Associate exam! I guess we are the cloud couple now 😂

BenReser
Ben Reser @BenReser

v4.0.0 of the #Terraform AWS Provider came out today. It moves the provider to using IMDSv2. If you're running in a container on an EC2 instance you'll need to increase the HttpPutResponseHopLimit to 2. If you don't you'll get errors about "no valid credential sources."
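One way to apply the change the tweet describes, as an added example (not from the tweet, the provider, or HashiCorp): a Terraform definition for the EC2 instance that hosts a containerized Terraform runner, with IMDSv2 enforced and the PUT response hop limit raised to 2 so a container one network hop away can still obtain a metadata session token. The resource name, AMI variable and instance type are assumptions.

```hcl
# Added example: EC2 host for a containerized Terraform/CI runner.
# Resource name, AMI variable and instance type are assumptions.
variable "runner_ami_id" {
  type = string
}

resource "aws_instance" "terraform_runner_host" {
  ami           = var.runner_ami_id
  instance_type = "t3.small"

  metadata_options {
    http_endpoint = "enabled"

    # IMDSv2 only: every metadata request must carry a session token
    # obtained with a PUT, which is what provider v4.0.0 now relies on.
    http_tokens = "required"

    # The PUT response is sent with an IP TTL equal to this value.
    # A container on a bridge network sits one hop behind the host,
    # so the default of 1 means the token never reaches it and the
    # provider reports "no valid credential sources". 2 is the
    # smallest value that works; keep it at that rather than higher.
    http_put_response_hop_limit = 2
  }
}
```

For an instance that already exists, the same two settings can be changed in place with `aws ec2 modify-instance-metadata-options --http-tokens required --http-put-response-hop-limit 2`.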

0xdabbad00
Scott Piper @0xdabbad00

Hey @TwitterSupport, please re-enable this account: @awswhatsnew It just tweets the links from Amazon's RSS feed.

iann0036
Ian Mckay @iann0036

Finally got around to publishing my first hook!

This hook scans all properties of all resources and blocks if secrets are found. You can specify your own rules or use the comprehensive defaults, and even add path-based exceptions. It's available in all regions now.🪝☁️ twitter.com/AWSCloudFormer…

AWSCloudFormer
AWS CloudFormation @AWSCloudFormer

Announcing #AWS #CloudFormation Hooks! Now you can run custom logic before CloudFormation creates, updates, or deletes a resource in your AWS accounts. Learn more here: go.aws/3BkV6F5

clintgibler
Clint Gibler @clintgibler

🛡️ Awesome-Security-Hardening

A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools & other resources by @decalage2

* Linux/Windows/macOS
* Network devices
* Containers
* SSH
* Web servers

+ more

#blueteam

github.com/decalage2/awes…

0xdabbad00
Scott Piper @0xdabbad00

Reminder: GuardDuty's new EKS monitoring has now been disabled for everyone (it had originally been auto-enabled). You need to re-enable it.
aws.amazon.com/about-aws/what…

christophetd
Christophe @christophetd

Stratus Red Team v1.4.0 released!

New: Kubernetes support, with 4 techniques:
• Steal service account token from a pod
• Create an admin role
• Run a privileged pod
• Run a pod mounting the host filesystem

👉github.com/DataDog/stratu…
📈 Next up: More Kubernetes, Azure support

lancinimarco
Marco Lancini @lancinimarco

Finally managed to read "Scanning Infrastructure-as-Code for security flaws" from @christophetd: I have to say I did laugh when I saw this slide :D
docs.google.com/presentation/d…

AWS Cloud Security challenge - 1

Hey folks,

Starting these random challenges for people to try out and learn cloud hacking. You can start the hunt from s3-challenge-1 bucket. :)

Have fun!
