SRE Weekly Issue #317 • The CloudSecList Issue 132 • tl;dr sec #127 - Trufflehog V3, The Future of InfoSec

In this issue:

• AWS Elemental MediaConvert - 11 updated methods
• AWS Elemental MediaPackage VOD - 3 updated methods
• AWS WAFV2 - 2 updated methods
• Amazon DocumentDB with MongoDB compatibility - 2 updated methods
• AWS Security Profile: Philip Winstanley, Security Engineering
• Code examples for IAM using AWS SDKs
• batch: 1 updated condition
• ec2: 1 new action | 4 updated actions, 1 updated condition
• fms: 4 new actions
• Docker added a new CLI command, `docker sbom`, to generate a Software Bill of Materials (SBOM) from a Docker image (docker.com/blog/announcin…)
• eks:CreateCluster
• Trufflehog v3: rewritten in Go, detects >600 credential types, actively verifies credentials, scans GitHub, GitLab, filesystems and S3 (github.com/trufflesecurit…)
• Has anyone figured out the deterministic process described in the Lambda function URL docs?
• The earliest talk around lambda malware (2016): youtube.com/watch?v=YZ058h…
• What if AWS starts to apply extra costs to insecure resources?
• Great post on Security Engineering, scaling security, encouraging devs to proactively up security posture, dashboards, and more
• How AWS evaluates IAM permissions once you add in boundaries, SCPs, conditions, resource policies
• Can GuardDuty detect lambda miners?
• Cognito Hosted UI CSS configurations now have a filter on upload
• Announcing AWS Lambda Function URLs: Built-in HTTPS Endpoints for Single-Function Microservices
• AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services
• Mysterious ABC bucket, a fishnet for the careless?
• Amazon EKS now supports Kubernetes 1.22
• Trying to figure out a strange S3 cost jump from Feb 1st
• Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers. Interestingly, the app establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla.
• socialhunter: crawls the website and finds broken social media links that can be hijacked
• Vulnerability research
• National security bigwigs split over bills targeting Amazon, Apple, and Google - Washington Examiner
• First malware targeting AWS Lambda serverless platform disclosed - VentureBeat
Monday, April 11, 2022
AWS Elemental MediaConvert - 11 updated methods
Apr 8
AWS Elemental MediaConvert SDK has added support for the pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported formats, and improved filter support for processing 444/RGB content.
AWS Elemental MediaPackage VOD - 3 updated methods
Apr 8
This release adds ScteMarkersSource as an available field for Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source the SCTE-35 markers from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35 markers from the segments.
AWS WAFV2 - 2 updated methods
Apr 8
Add a new CurrentDefaultVersion field to ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
Amazon DocumentDB with MongoDB compatibility - 2 updated methods
Apr 7
Added support to enable/disable performance insights when creating or modifying db instances
AWS Security Profile: Philip Winstanley, Security Engineering
Maddie Bacon · Apr 7
In the AWS Security Profile series, I interview some of the humans who work in Amazon Web Services (AWS) Security and help keep our customers safe and secure. This interview is with Philip Winstanley, a security engineer and AWS Guardian. The Guardians program identifies and develops security experts within engineering …
Code examples for IAM using AWS SDKs
Apr 7
Added code examples that show how to use IAM with an AWS software development kit (SDK). The examples are divided into code excerpts that show you how to call individual service functions and examples that show you how to accomplish a specific task by calling multiple functions within the same …
batch: 1 updated condition
Apr 9
1 updated condition: aws:TagKeys (type)
ec2: 1 new action | 4 updated actions, 1 updated condition
Apr 9
1 new action: ModifyInstanceMaintenanceOptions (Grants permission to modify the recovery behaviour for an instance); 4 updated actions: AuthorizeSecurityGroupEgress (conditions, resources), AuthorizeSecurityGroupIngress (conditions, resources), StartNetworkInsightsAccessScopeAnalysis (conditions, resources), StartNetworkInsightsAnalysis (conditions); 1 updated condition: aws:TagKeys (type)
fms: 4 new actions
Apr 9
4 new actions: AssociateThirdPartyFirewall (Grants permission to set the Firewall Manager administrator as a tenant administrator of a third-party firewall service), DisassociateThirdPartyFirewall (Grants permission to disassociate a Firewall Manager administrator from a third-party firewall tenant), GetThirdPartyFirewallAssociationStatus (Grants permission to retrieve the onboarding status of a Firewall Manager administrator account to …
kmcquade3
Kinnaird McQuade  @kmcquade3

🎉 Docker added a new CLI command to generate a Software Bill of Materials (SBOM) from a Docker image.

`docker sbom` lists system packages *and* language libraries installed. You can use it to get visibility into what packages exist across your infra.

docker.com/blog/announcin…

103 · Apr 10 · 8:42 PM
__steele
Aidan W Steele @__steele

eks:CreateCluster

jrhunt
Randall Hunt @jrhunt

What are the biggest mistakes you see startups making in AWS?

31 · Apr 05 · 5:15 AM
clintgibler
Clint Gibler @clintgibler

🔥 Trufflehog v3 🔥

🏎️ Faster: rewritten in Go

🔬 Detects >600 credential types

✅ Actively verifies if creds still work => no FPs

☁️ Native support for scanning GitHub, GitLab, filesystems, and S3

#bugbounty #bugbountytips

github.com/trufflesecurit…

trufflesec
Truffle Security @trufflesec

We're so happy to Open Source TruffleHog V3! youtu.be/AM3REzw1LDk

49 · Apr 05 · 10:57 PM
__steele
Aidan W Steele @__steele

Has anyone figured out the deterministic process described in the Lambda function URL docs?

It feels like they put this highlighted part here solely to tempt me into wasting time figuring it out. And I’ve completely fallen for it.

14 · Apr 07 · 10:33 AM
0xdabbad00
Scott Piper @0xdabbad00

Since lambda malware is getting recent attention, this talk is perhaps the earliest talk around lambda malware (2016), and is very entertaining: youtube.com/watch?v=YZ058h…

13 · Apr 07 · 8:46 PM
zoph
Victor Grenu @zoph

What if AWS starts to apply extra costs to insecure resources? Like applying extra fees to public S3 buckets, IAM Users with unused AK/SK or without MFA, unauthenticated APIGW, etc.?

They are already applying extra costs to orphaned EIPs. Same thing, but for security.

9 · Apr 08 · 3:13 PM
clintgibler
Clint Gibler @clintgibler

Great post on Security Engineering, scaling security, encouraging devs to proactively up security posture, dashboards, and more.

CC people who will probably enjoy: @frgx @DanielMiessler @manicode @travismcpeak @coffeetocode @nicowaisman @shehackspurple @ejcx_ @laraghavan

ddtrejo
David Trejo @ddtrejo

🆕 Just wrote this article about what I've been building at work 🥳 We're hiring!

Monocle: How Chime creates a proactive security & engineering culture (Part 1)

medium.com/life-at-chime/…

13 · Apr 08 · 1:07 AM
matthewdfuller
Matt Fuller @matthewdfuller

Looks like how AWS evaluates IAM permissions once you add in boundaries, SCPs, conditions, resource policies, I could go on.

YoloNoc
Bundesinfrastrukturmismanagementsministerium @YoloNoc

Isn't that the BGP path selection algorithm?

4 · Apr 09 · 3:33 AM
0xdabbad00
Scott Piper @0xdabbad00

I don't think GuardDuty can detect lambda miners (maybe GD experts like @123Le_Bron can correct me), because GD has 3 sources of input:
1. CloudTrail: This miner doesn't make AWS calls
2. DNS: This uses DNS over HTTP
3. VPC Flow Logs: I'm unsure if this would detect it. 🧵

chrisdoman
chris doman @chrisdoman

This is some fun analysis of (the first?) malware designed to run in AWS Lambda by @_mattmuir >
cadosecurity.com/cado-discovers…

5 · Apr 07 · 5:33 PM
iann0036
Ian Mckay @iann0036

I was informed by a friend that Cognito seems to have updated their processing rules for Hosted UI CSS configurations.

The previous "do what you want" rules no longer apply and there's now a filter on upload, but can we bypass this to add a nice background? Let's find out 🕵️ 1/

iann0036
Ian Mckay @iann0036

Have you ever used Cognito's Hosted UI and found it very limiting in its customization options? (drop shadows and plain backgrounds🤢)

Well today I've figured out a way to fully customize the CSS, so you can make beautiful looking pages like this: 😍

…auth.ap-southeast-2.amazoncognito.com/login?client_i…

1/

2 · Apr 08 · 4:58 AM
Mysterious ABC bucket, a fishnet for the careless?

I created an S3 bucket then went to upload some test/junk python scripts like...

$ aws s3 cp --recursive src s3://${BUCKET}/abc/code/

It worked! Then I realized that the ${BUCKET} env var wasn't set, huh? It turns out I uploaded to this mysterious s3://abc/ bucket. Writing and listing the contents …
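
The upload above went astray because one unset shell variable expanded to nothing. As an added example, not code from the post, the script below reproduces that expansion, shows the `set -u` guard that turns it into a hard error, and wraps the upload in an explicit destination check. `naive_s3_dest`, `expand_with_nounset`, `safe_s3_dest`, `upload_code`, the bucket names, the allowlist and `ACCOUNT_ID` are all assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Hardens the pattern
#   aws s3 cp --recursive src s3://${BUCKET}/abc/code/
# so an unset BUCKET fails loudly instead of expanding to an empty bucket.
# Bucket names, the allowlist and ACCOUNT_ID are constructed placeholders.

# Reproduces the footgun: an empty first argument collapses the URI to
# s3:///abc/code/, which is what the CLI was handed in the post.
naive_s3_dest() {
    printf 's3://%s/%s\n' "$1" "$2"
}

# Cheapest fix: under `set -u` (nounset) an unset BUCKET is a fatal expansion
# error, so the copy never runs. Executed in a subshell so the caller only
# sees a non-zero exit status rather than losing its own shell.
expand_with_nounset() {
    ( unset BUCKET; set -u; printf 's3://%s/abc/code/\n' "${BUCKET}" ) 2>/dev/null
}

# Builds the destination URI only if the bucket is set, non-empty and on a
# space-separated allowlist of buckets this script is allowed to write to.
# Usage: safe_s3_dest BUCKET PREFIX "bucket-a bucket-b"
safe_s3_dest() {
    bucket="${1:-}"
    prefix="${2:-}"
    allowed="${3:-}"

    if [ -z "$bucket" ]; then
        echo "refusing upload: destination bucket is unset or empty" >&2
        return 1
    fi
    # Pad with spaces so "my-bucket" does not match "my-bucket-2".
    case " $allowed " in
        *" $bucket "*) ;;
        *)
            echo "refusing upload: bucket '$bucket' is not on the allowlist" >&2
            return 1
            ;;
    esac
    printf 's3://%s/%s\n' "$bucket" "$prefix"
}

# Hypothetical upload wrapper. The head-bucket pre-flight with
# --expected-bucket-owner makes the CLI refuse a bucket that exists but is
# owned by another account, which an empty or mistyped name could point at.
upload_code() {
    dest=$(safe_s3_dest "${BUCKET:-}" "abc/code/" "my-team-artifacts") || return 1
    aws s3api head-bucket --bucket "$BUCKET" \
        --expected-bucket-owner "${ACCOUNT_ID:?ACCOUNT_ID must be set}" || return 1
    aws s3 cp --recursive src "$dest"
}
```

`set -u` at the top of any upload script is the one-line version of this fix; the allowlist and the owner check cover the other case, where the variable is set but points at a bucket nobody on the team owns.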

Trying to figure out a strange S3 cost jump from Feb 1st

We experienced a significant uptick in charges from something done on January 31st that I am currently unable to explain.

TimedStorage-ByteHrs (GB-Month) jumped up between 1/31/22 into 2/1/22 across multiple accounts, every bucket, and every storage class that I have no idea how to explain. The screenshot below is a …

Vulnerability research

If a dev has found a vulnerability on his system, how should a cloud security engineer help research this vulnerability and help implement a fix, if there is one?