Monday March, 2021

Security Newsletter - VMWare vCenter vulnerable to critical exploit. Microsoft releases CodeQL queries for Solarwinds. Hiding c2 servers in Bitcoin transactions.

Also in this issue: Building a Serverless multi-player game that scaled • 10 Best Free AWS Learning Resources for Beginners • In 2021, AWS Athena and QuickSight are actually good for analyzing your mountain of ELB logs • I recently discovered that all versions of Windows Server 2012 (but not Server 2012 R2) are affected by a DLL hijacking vulnerability that can be exploited for privilege escalation. This bug can be triggered by a regular user and does not require a system reboot. Here is my writeup: • PortSwigger Research: Top 10 web hacking techniques of 2020

Dieter Van der Stock · Mar 01
Hi everyone, As always, I hope this e-mail finds you well :-) Thanks to those who gave feedback and/or showed interest in my project! Plenty of work left to do, I'll keep you posted :-) I would also like to welcome a new sponsor, the appsec testing platfor

How to protect sensitive data for its entire lifecycle in AWS

Raj Jain · Feb 26
Many Amazon Web Services (AWS) customer workflows require ingesting sensitive and regulated data such as Payments Card Industry (PCI) data, personally identifiable information (PII), and protected health information (PHI). In this post, I’ll show you a method designed to protect sensitive data for its entire lifecycle in AWS. This method …

Fall 2020 PCI DSS report now available with eight additional services in scope

Michael Oyeniya · Feb 25
We continue to expand the scope of our assurance programs and are pleased to announce that eight additional services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. This gives our customers more options to process and store their payment card data …
Aidan W Steele @__steele

I made a thing. Assume AWS IAM roles from GitHub Actions. Now I can use the best CI solution with the best cloud and not have to create IAM users.

The role sessions are even tagged with repo, SHA, run numbers, etc for much saner CloudTrail trawling.

github.com/glassechidna/a…

Feb 28 · 5:50 AM
Steven Bryen @steven_bryen

So last night I passed the AWS Machine Learning - Specialty exam 😃

That was a tough one! 😅

For anyone interested in AI/ML I would encourage you to study for it 📚 I learnt a ton and liked how a large % of the exam was focused on general ML knowledge vs the AWS services.

Feb 26 · 10:50 AM
Clint Gibler @clintgibler

☁️ Security Logging in Cloud Environments

@lancinimarco: Designing a state of the art multi-account security-related logging platform

Covers:
* CloudTrail, CloudWatch, GuardDuty, Config
* Collecting logs
* Storage & audit trail
* Monitoring & alerting

marcolancini.it/2021/blog-secu…

Feb 23 · 5:00 PM
Brigid Johnson @bjohnso5y

Thursday night: Wine 🍷 and PR-FAQing 📄Me thinks this will make for a pretty awesome doc.

Feb 26 · 4:23 AM
Aidan W Steele @__steele

Damn QuickSight docs, that's dark.

Feb 24 · 3:41 AM
Rhino Security Labs @RhinoSecurity

In a new blog post we review downloading and exploring EBS snapshots using the EBS direct APIs. Snapshot download isn't logged in CloudTrail, making this a difficult attack to detect. bit.ly/3qXWgAz

Feb 26 · 6:23 PM
Clint Gibler @clintgibler

🤬 Damn Vulnerable @GraphQL App by Dolev Farhi

Get hands-on experience exploiting a GraphQL app, including:
* Denial-of-service
* Info disclosure
* Code execution
* Injection
* Authorization bypass
* and more

#bugbountytips

github.com/dolevf/Damn-Vu…

Feb 23 · 7:00 PM
Marco Lancini @lancinimarco

Spending my Saturday night reviewing CFP submissions for the @CloudNativeFdn Cloud Native Security Day 2021. There's still time to register! events.linuxfoundation.org/cloud-native-s…

Feb 27 · 9:45 PM
Kinnaird McQuade💥☁️ @kmcquade3

My mom gets vaccinated tomorrow 💙☺️

Feb 25 · 3:45 AM
Steven Bryen @steven_bryen

Just spent 30mins troubleshooting why aws-cdk was not installing properly. Turns out I was installing aws-sdk 🤦‍♂️😂 #Fridays

Feb 26 · 5:13 PM
Matt Fuller @matthewdfuller

"When seconds matter, CloudTrail takes minutes"

Corey Quinn @QuinnyPig

CloudTrail could be a database too. I would think that the ~20 minute delay between "thing happens" and "it shows up in the logs" would be a blocker, but people still use Bitcoin so...

Feb 26 · 6:18 PM
rowan @elrowan

This is a great diagram showing how the various AWS security services interact marcolancini.it/2021/blog-secu… thanks @lancinimarco, this belongs in the official docs!

Feb 25 · 10:16 PM
rowan @elrowan

If you're using Amazon Cognito, you should watch this short (but great) summary of how to do it securely: youtube.com/watch?v=QDR-pX…

Slowly working my way through the #AWS re:Invent 2020 catalogue, let me know if you've got recommendations!

Mar 01 · 1:46 AM

Describe instances, sns topics, sqs, cloudwatch etc. across all AWS regions from the command line.

There are definitely some times that you want to query across all regions in the CLI. I always have done this in the past by piping together a bash loop and some jq like this:

for region in `aws ec2 describe-regions --output text | cut -f4`
do
     echo -e "\nListing …
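
A complete version of that pattern, added here as an example and not the poster's own script: it takes a service, an operation and a JMESPath query, runs the call in every region the account has enabled, and tags each result line with its region so the output can be sorted or grepped. It assumes AWS CLI v2 with read-only credentials; setting AWS_REGIONS="us-east-1 eu-west-1" narrows the scan, and the helper names (all_regions, for_each_region, count_in_all_regions) are mine. Taking the region list from describe-regions rather than a hard-coded list is the security-relevant part: an instance or Lambda function sitting in a region nobody on the team uses is exactly what a hard-coded list never shows you.

```shell
#!/bin/sh
# Added example, not the original poster's script: run one read-only AWS CLI call
# in every enabled region and print "<region><TAB><value>" per result.
# Assumes AWS CLI v2 is installed and credentials are configured.
set -eu

# Regions to scan. AWS_REGIONS="us-east-1 eu-west-1" overrides discovery
# (assumption: the caller is allowed ec2:DescribeRegions).
all_regions() {
  if [ -n "${AWS_REGIONS:-}" ]; then
    printf '%s\n' $AWS_REGIONS
  else
    # --output text prints the names tab-separated on one line; split to one per line.
    aws ec2 describe-regions --query 'Regions[].RegionName' --output text | tr '\t' '\n'
  fi
}

# Usage: for_each_region <service> <operation> <jmespath-query> [extra CLI args...]
#   for_each_region ec2 describe-instances 'Reservations[].Instances[].InstanceId'
#   for_each_region lambda list-functions 'Functions[].FunctionName'
#   for_each_region sns list-topics 'Topics[].TopicArn'
for_each_region() {
  service=$1; operation=$2; query=$3; shift 3
  all_regions | while IFS= read -r region; do
    [ -n "$region" ] || continue
    # Text output joins list items with tabs and prints "None" for a null result;
    # normalise to one value per line and drop the empties.
    aws --region "$region" "$service" "$operation" --query "$query" --output text "$@" \
      | tr '\t' '\n' \
      | awk -v r="$region" '$0 != "" && $0 != "None" { print r "\t" $0 }'
  done
}

# Number of results across all regions: a quick "is there anything at all
# outside the regions we actually use?" check (prints 0 when nothing matches).
count_in_all_regions() {
  for_each_region "$@" | grep -c . || true
}

# Uncomment to run against a real account:
# for_each_region ec2 describe-instances 'Reservations[].Instances[].InstanceId'
# count_in_all_regions lambda list-functions 'Functions[].FunctionName'
```

describe-regions returns only the regions enabled for the account; pass --all-regions if you also want opted-out regions listed (calls into them fail until they are enabled). The script is plain POSIX sh, so it runs under dash as well as bash.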

Has anyone here worked for an AWS (or other "cloud") consultancy? What's it like?

Hello,

Early on in my career I had a job as an IT consultant (not AWS related).

I enjoyed it because:

  • Flow of projects ensured things never got too dull
  • Lots of different experience puts your career trajectory "on steroids"
  • Work with some smart, hardworking people
  • Experience with both hard …

What AWS training would be most relevant to someone in the C-suite?

Hi everyone,

I have the opportunity to take training in Cyber and I'm wondering - what cloud-related training would be most ideal for someone in a senior leadership / c-suite role?

Thanks in advance!