SRE Weekly Issue #343 • [tl;dr sec] #154 - The State of AWS Security, Career Resources • AWS Elemental MediaConvert - 11 updated methods • AWS Amplify UI Builder - 4 updated methods • Amazon Appflow - 5 updated methods • Amazon Connect Service - 3 updated methods • autoscaling: 1 updated condition, 2 updated actions • sns: 1 updated action • ecs: 1 updated action • Going Phishless: How Panther Deployed WebAuthN with Okta & YubiKeys | Panther Labs


Monday, October 17, 2022

Sponsor

ProwlerPro is the most comprehensive, free tool for AWS security.

ProwlerPro is trusted by developers like you, and used every day so teams can be confident in their AWS security framework. Everything you love about Prowler Open Source plus:

  • Parallelized processing for faster results
  • Dashboards with actionable, direct insights for every level of detail of your security posture
  • Holistic view of your infrastructure for any AWS region
  • Answers in minutes

Sign up with ProwlerPro free today, and see what your first scan can do.

In a nutshell

Are you using AWS SAM on top of CloudFormation to provision your serverless infrastructure? A new way to grant permissions without hand-writing full IAM policies is the AWS::Serverless::Connector resource.

With this resource type you declare an access relationship between a source and a destination resource (e.g. a Lambda function and a DynamoDB table) with Read and/or Write permissions, and SAM generates the scoped IAM policy for you at deploy time.

Supported resource types
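As an added illustration (not code from the newsletter or from AWS), here is a minimal SAM template that uses AWS::Serverless::Connector to give one function read-only access and a second function write-only access to the same table; the resource names and handler paths are assumed.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Assumed table name; the key schema is only here so the template deploys.
  OrdersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: orderId
          AttributeType: S
      KeySchema:
        - AttributeName: orderId
          KeyType: HASH

  # No Policies property on either function: the connectors below grant access.
  ReadOrdersFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.9
      Handler: app.read_handler   # assumed handler
      CodeUri: src/

  WriteOrdersFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.9
      Handler: app.write_handler  # assumed handler
      CodeUri: src/

  # Read-only connector: SAM generates an IAM policy scoped to OrdersTable's
  # ARN and attaches it to ReadOrdersFunction's execution role.
  ReadOrdersConnector:
    Type: AWS::Serverless::Connector
    Properties:
      Source:
        Id: ReadOrdersFunction
      Destination:
        Id: OrdersTable
      Permissions:
        - Read

  # Separate write-only connector, so neither function gets more than it needs.
  WriteOrdersConnector:
    Type: AWS::Serverless::Connector
    Properties:
      Source:
        Id: WriteOrdersFunction
      Destination:
        Id: OrdersTable
      Permissions:
        - Write
```

Running `sam build` followed by `sam deploy` expands each connector into a policy on the source function's role, so the template never carries a hand-written policy document.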

AWS Elemental MediaConvert - 11 updated methods
Oct 14
MediaConvert now supports specifying the minimum percentage of the HRD buffer available at the end of each encoded video segment.
AWS Amplify UI Builder - 4 updated methods
Oct 13
We are releasing the ability for fields to be configured as arrays.
Amazon Appflow - 5 updated methods
Oct 13
With this update, you can choose which Salesforce API is used by Amazon AppFlow to transfer data to or from your Salesforce account. You can choose the Salesforce REST API or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API automatically.
Amazon Connect Service - 3 updated methods
Oct 13
This release adds support for a secondary email and a mobile number for Amazon Connect instance users.

Sponsor - Improve Security & Compliance for AWS Infrastructure

Easily control who can provision and access your critical AWS resources while improving security and compliance. Learn how Teleport can help you

  • Secure your growing AWS infrastructure
  • Meet security and compliance regulations through complete visibility
  • Increase developer productivity while saving time and money

Learn more

autoscaling: 1 updated condition, 2 updated actions
Oct 15
1 updated condition: aws:TagKeys (type); 2 updated actions: CreateAutoScalingGroup (dependents), UpdateAutoScalingGroup (dependents)
sns: 1 updated action
Oct 15
1 updated action: SetTopicAttributes (access)
ecs: 1 updated action
Oct 15
1 updated action: PutClusterCapacityProviders (resources)
Aidan W Steele @__steele

For a personal project on AWS it can feel silly to pay $16.40/mo for a load balancer in front of a $2.70/mo container, just to get TLS termination and zero-downtime deployments.

Try API GW instead. It’s much cheaper, but I rarely see people doing this

awsteele.com/blog/2022/10/1…

68 · Oct 16 · 2:56 AM
Clint Gibler @clintgibler

☁️ AWSome Pentesting

A guide to help pentesters learn more about AWS misconfigurations and ways to abuse them

The cheatsheet has useful commands for a variety of AWS services, covering enumeration, data exfiltration, privilege escalation, and more

github.com/pop3ret/AWSome…

54 · Oct 12 · 11:16 PM
Clint Gibler @clintgibler

👀 SSRF vulnerabilities and where to find them

@hakluke outlines what SSRF is and where to look

→ Use @Jhaddix's param list from HUNT

How to bypass SSRF protections
* Hostnames instead of IPs
* HTTP redirects
* DNS rebinding

#bugbounty #bugbountytips

labs.detectify.com/2022/09/23/ssr…

64 · Oct 14 · 5:00 PM
Brigid Johnson @bjohnso5y

I'll be rockin' #reInvent in style this year with my favorite service #IAM on my belt buckle! Yeehaw 🐎

3 · Oct 15 · 9:07 PM
Colm MacCárthaigh @colmmacc

Sometimes I'll just remember that zero effort zero merit dynastic inherited wealth and the most enriching passive income sources like capital gains enjoy lower tax rates than scraping by working for a living in a modest honest job and just wonder how revolutions don't happen.

5 · Oct 12 · 3:39 PM
Scott Piper @0xdabbad00

It's great to see a company talk about the migration and some of the gotchas of migrating to FIDO2 enforcement. "Buy yubikeys" is NOT the work involved in these efforts. I'm baffled that neither Yubico nor Okta offer meaningful assistance in these migrations.

Jack @jack_naglieri

One of the first things I did at Panther was configure SSO and hardware MFA.

Read about how our team has up-leveled with FIDO2 and Okta:

panther.com/blog/going-phi…

16 · Oct 14 · 5:29 PM
fwd:cloudsec @fwdcloudsec

fwd:cloudsec 2023 is in the early stages of planning. Currently looking at June 12th in Anaheim, CA. More details to follow in the next 30 days.

9 · Oct 13 · 5:07 PM
Brad Geesaman @bradgeesaman

This is a @FastAPI docs (fastapi.tiangolo.com) appreciation tweet.

It’s clear that a lot of hard work has been put into them, and it has saved me so so so so much time.

2 · Oct 13 · 12:47 PM
Brigid Johnson @bjohnso5y

"We are all PMs. Ownership 101" 📣 Best quote of the day from one of my engineers who is driving some product goodness. This is why I ❤️ AWS.

3 · Oct 11 · 9:00 PM
Colm MacCárthaigh @colmmacc

A few more photos where you can get a sense of the wispy smoke that's been settling on Seattle. We badly need rain here in the PNW.

1 · Oct 15 · 1:06 AM