Dragon Cloud Security Podcast
12 episodes - English - Latest episode: over 2 years ago -A weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
IAMZERO, Demystifing Conditional Access, ChaosDB Exaplained, Intune bug, Hunting for Secrets in Docker
November 15, 2021 21:00 - 6 minutes - 4.26 MBWelcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 and http://blackwombat.com .
Canarytokens, Evolve Zero Trust Microsoft Whitepaper, Helm Scanner, Semgrep with Terraform
November 08, 2021 21:00 - 5 minutes - 3.98 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: http://blackwombat.com/2021/11/08/dragon-cloud-security-podcast-s01e11/ Outro That’s all for this episode. Thank you for listening and have a secure day!
Containers Breakout, Kaspersky SES stolen, Supply Chain Attack Defense, MFA, Semgrep
November 03, 2021 23:00 - 25 seconds - 338 KBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 This episode: http://blackwombat.com/2021/11/03/dragon-cloud-security-podcast-s01e10/ Articles Abusing Registries For Exfil And Droppers - https://www.antitree.com/2021/10/abusing-registries-for-exfil-and-droppers/ Kaspersky...
GitHub Actions Security Best Practices, TeamTNT Malicious Docker Image, AWS WF Bug, NPM Malware, Discourse SNS RCE
October 26, 2021 10:00 - 7 minutes - 5.39 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Team TNT Deploys Malicious Docker Image On Docker Hub - https://www.uptycs.com/blog/team-tnt-deploys-malicious-docker-image-on-docker-hub-with-pentesting-tools Attacking and Securing CI/CD Pipeline - https://speaker...
Kubernetes Notebooks and checklists, K8 Hacking Book, GitHub Actions Vulnerability, TwitchLeak analysis, Azure Priv Esc
October 18, 2021 22:00 - 7 minutes - 5.04 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Automating the deployment of Sysmon for Linux and Azure Sentinel in a lab environment - https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/28470...
Google VRP Bugs, NSG Flow Logs,GCP Org Policies, NSA Kubernetes Hardening Guidance, Teams are Just Networks
October 11, 2021 21:00 - 6 minutes - 4.61 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles kdigger: a Context Discovery Tool for Kubernetes - https://blog.quarkslab.com/kdigger-a-context-discovery-tool-for-kubernetes.html Azure AD and Windows Hello: SSO to on-premise resources - https://katystech.blog/2021...
Azure AD Logon Brute Force, Trystero, IAMVulnerable, RBAC in Kubernetes, Ransom Risk MGMT in AWS
October 03, 2021 16:00 - 7 minutes - 5.09 MBCloud Security Podcast – S01E05 URLs Only Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Introducing the Ransomware Risk Management on AWS Whitepaper - https://aws.amazon.com/blogs/security/introducing-the-ransomware-risk-management-on-aws-whitepaper/ Config...
WorkSpace RCE, M365 Basic Auth Disabled, VMware vCenter cve-2021-22005, ZeroTrust Kubernetes
September 26, 2021 20:00 - 8 minutes - 5.81 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Basic Authentication for All Exchange Online Tenants Stops in October 2022 - https://office365itpros.com/2021/09/24/basic-authentication-exchange-online-tenants-stops-october-2022/ AWS WorkSpaces Remote Code Executio...
OMIGOD, Travis CI Vuln, M365 Mitre Attack, FWD:CloudSec
September 20, 2021 23:00 - 8 minutes - 5.67 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution - https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution; https://github.com/horizon3ai/CVE-2021-38647 Office...
Azurescape, GCP Vuln, Cloud Ransomware, JIRA RCE, gcpHound
September 13, 2021 20:00 - 8 minutes - 5.88 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles I Analysed 100+ Cloud Job Descriptions: Here's What I Discovered - https://www.youtube.com/watch?v=IjYo-LS6lVY IAM Vulnerable - An AWS IAM Privilege Escalation Playground - https://labs.bishopfox.com/tech-blog/iam-vu...
Free CA, AWS Priv Esc, Enum, Hopper, Vault AppRole, AWS Cert Challange
September 06, 2021 20:00 - 11 minutes - 7.64 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Backdoor Office 365 and Active Directory - Golden -SAML - https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html More than 10% of Firebase databases are open and exposing data – https://therecord.m...
ChaosDB, S3 threat model, Attacking Azure AD, Illogical Apps
August 30, 2021 16:00 - 6 minutes - 4.26 MBIntro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. News ChaosDB - https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases How to contact Google SRE: Dropping a shell in cloud SQL - https://offensi.com/2020/08/18/how-to-contact-google-sre-dropping-a-shell-in-cloud-sql/ EC2 IPV6 - https://twitter.com/0xdabbad00/status/1430597907057549315 BHUSA 20...