SRE Weekly Issue #321 • 📖 [The CloudSecList] Issue 136 • [tl;dr sec] #131 - Compromising Read-Only Containers, Finding 0days in Enterprise Software • AWS DataSync - 6 updated methods • Amazon Elastic Compute Cloud - 24 updated methods • AWS IoT - 2 updated methods • AWSKendraFrontendService - 1 updated methods • How to use new Amazon GuardDuty EKS Protection findings • workspaces: 1 updated condition • shield: 1 updated condition • sqlworkbench: 1 new action | 1 updated condition • 🔒 Tool: SSH No Ports SSH to a remote Linux host/device without that device having any open ports (not even 22) on external interfaces All network connectivity is outbound No need to know the target's IP By <a href="https://twitter.com/atsigncompany" target="_blank">@atsigncompany</a> <a href="https://t.co/ASampjUMqV" target="_blank">github.com/atsign-foundat…</a> • 🥶 Frostbyte A POC project that combines different defense evasion techniques to build better <a href="https://twitter.com/hashtag/redteam" target="_blank">#redteam</a> payloads ➡️ Embed an encrypted shellcode stub into a known signed executable &amp; still keep it signed like how the Zloader malware did By <a href="https://twitter.com/0xpwnisher" target="_blank">@0xpwnisher</a> <a href="https://t.co/bZeEtWIVnS" target="_blank">github.com/pwn1sher/frost…</a> • 8.5 years…completed it! Worked Hard, Had Fun, Made History ✅ Friday was my last day <a href="https://twitter.com/awscloud" target="_blank">@awscloud</a> - made so many amazing friends and lifelong memories🧡 ✌️ • Does anyone know why AWS KMS seems to also be called the Trent Service? Who's Trent? • There is a threat actor that is scanning and exploiting AWS environments that are not enforcing IMDSv2, and are running vulnerable software. Reminder: there are vendors that do not allow enforcing IMDSv2 that need to release fixes (including AWS): <a href="https://t.co/TgDSupBAfG" target="_blank">github.com/SummitRoute/im…</a> • I think we have an answer (a few, actually) already. The twitterverse is magic • I’m happy to share that I’m starting a new position as Director of Engineering &amp; Distinguished Engineer <a href="https://twitter.com/showpad" target="_blank">@showpad</a> Very excited to be joining a customer focused, high-growth SaaS organisation 🚀 P.S - We are hiring (DMs open) 😜 • Important parts of Heroku were hacked. 😬 "a threat actor ... downloaded stored customer GitHub integration OAuth tokens ... exfiltrate the hashed and salted passwords for customers’ user accounts" • Just asked "How do I add line numbers to a word doc?" Line number vs no line number has been a hot topic for debate throughout my AWS career. I am finally making the leap! Let's hope this works out. • Yet another dependency takeover - this one in Ruby gems. <a href="https://twitter.com/hashtag/SupplyChainSecurity" target="_blank">#SupplyChainSecurity</a> <a href="https://t.co/7VFlwTJV77" target="_blank">github.com/rubygems/rubyg…</a> • Website to PDF using AWS Lambda Function URLs and CDK • Dear AWS - Please stop your VPN Client from fucking with my networking settings • Need Advice - 75 printers requesting our APIs 200 million times • At what point does glacier make sense? Got hit with a big transfer fee • Accidentally created a bunch of instances in EC2... how much will I get charged? (free tier) • New update from Google's Threat Analysis Group finds numerous APTs running campaigns in Ukraine and Est. Europe, including Fancy Bear (Russia), Ghostwriter (Belarus) and Curious Gorge (China). • CloudFlare Pages, part 1: The fellowship of the secret • GPCS (GIAC Public Cloud Security) • Secure Your Migration to AWS, Part I: The Challenges – TechEconomy.ng - TechEconomy.ng • Contrast Security Embarks on AWS Summit Global World Tour - PR Newswire