SRE Weekly Issue #315 • 📖 [The CloudSecList] Issue 130 • [tl;dr sec] #125 - Hacking a Billionaire, Automating Incident Response in AWS • Amazon Elastic Compute Cloud - 3 updated methods • Amazon Simple Systems Manager (SSM) - 9 updated methods • AWS Config - 2 new 17 updated methods • AWS Lambda - 8 updated methods • ISO/IEC 27001 certificates now available in French and Spanish • How to use AWS Security Hub and Amazon OpenSearch Service for SIEM • ec2: 3 new actions, 1 new resource | 1 updated action • quicksight: 2 new actions • s3-outposts: 1 new action • Did you know that Dirty Pipe could also be used to escape unprivileged containers and gain root access on a Kubernetes host? 📖 Write-up: <a href="https://t.co/DCGmbI14xP" target="_blank">datadoghq.com/blog/engineeri…</a> 👀 Proof of concept: <a href="https://t.co/YORJIr4HfT" target="_blank">github.com/datadog/dirtyp…</a> A thread on how it's done. 🧵⬇️ • Advanced Persistent Teenager • "Fantastic AWS Hacks and Where to Find Them" - Getting started in AWS security, and how companies are getting hacked on AWS 📖Slides: <a href="https://t.co/fwkBhqCmZg" target="_blank">dtdg.co/fantastic-aws-…</a> 🧠Mindmap: <a href="https://t.co/JuLc7c7dft" target="_blank">mindmeister.com/map/2211520103…</a> 🎨 by <a href="https://twitter.com/MindsEyeCCF" target="_blank">@MindsEyeCCF</a> • Just blogged: "What to look for when reviewing a company's infrastructure" - A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components. <a href="https://t.co/pvuz4stgTp" target="_blank">marcolancini.it/2022/blog-clou…</a> • <a href="https://twitter.com/hashtag/hugops" target="_blank">#hugops</a> to everyone in the Okta security team this week, it’s going to be a long one. For orgs using Okta, the details aren’t clear, so I’d be threat hunting for successful auths to services where there’s no matching okra session (a la golden SAML). I’d also be looking for… • Let's talk flexible work hours. I usually don't work on Fridays afternoons. My brain is fried 🧠 🍳. I love working on Sundays. I get to explore my thinky thoughts with a clear mind. This is today. • This appears to be legit. Sent to my <a href="https://t.co/JcYaW1u5t4" target="_blank">flaws.cloud</a> root email. Apparently AWS may now close your account if you don't respond within 5 days to what they think is a security incident, but there is no support case in the account to respond to (and no closed cases). 🤔 • Huh. Someone emailed me that flAWS was broken, for the final level related to Lambda. I got an AccessDenied trying look at the Lambda service, while logged in as root, no SCPs on the account. EC2, IAM, S3, all work. Created root access key, still AccessDenied for only Lambda. 🤔 • What performance are people getting from the new Lambda ephemeral storage? My results when running `npm ci` (575 MB written) inside Lambda: /tmp 38 secs 108K writes = ~15MB/s, ~2800 IOPS EFS 180 secs 252K writes = ~3MB/s, ~1400 IOPS 4-5x faster is nice, but less than expected • 🗡️ How we found vulnerabilities in GitHub Actions CI/CD pipelines <a href="https://twitter.com/_alex_il_" target="_blank">@_alex_il_</a> describes vulnerable patterns in GitHub Actions that can lead to an attacker being able to steal secrets, inject code, etc. + mitigations on how to keep this from happening <a href="https://t.co/MpHL2uQnDr" target="_blank">cycode.com/blog/github-ac…</a> • Trouble choosing the services (read comment) • AWS Lambda Now Supports Up to 10 GB Ephemeral Storage • 10GB Ephemeral Storage for AWS Lambda • 200k members. Congrats to /r/aws! • The person that identifies the most anti-patterns in this getting started guide wins • Microsoft: DEV-0537 (LAPSUS$) criminal actor targeting organizations for data exfiltration and destruction • Using the Dirty Pipe Vulnerability to Break Out from Containers • Cloud Security Certification • Nine ways to secure AWS S3 buckets - SC Media • [2022] Passing the AWS Certified Security — Specialty exam | by Chouaieb Nemri | Mar, 2022 | Medium - Medium