Dragon Cloud Security Podcast artwork

Dragon Cloud Security Podcast

12 episodes - English - Latest episode: over 2 years ago -

A weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Technology
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Episodes

IAMZERO, Demystifing Conditional Access, ChaosDB Exaplained, Intune bug, Hunting for Secrets in Docker

November 15, 2021 21:00 - 6 minutes - 4.26 MB

 Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 and http://blackwombat.com .

Canarytokens, Evolve Zero Trust Microsoft Whitepaper, Helm Scanner, Semgrep with Terraform

November 08, 2021 21:00 - 5 minutes - 3.98 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: http://blackwombat.com/2021/11/08/dragon-cloud-security-podcast-s01e11/ Outro That’s all for this episode. Thank you for listening and have a secure day!

Containers Breakout, Kaspersky SES stolen, Supply Chain Attack Defense, MFA, Semgrep

November 03, 2021 23:00 - 25 seconds - 338 KB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 This episode: http://blackwombat.com/2021/11/03/dragon-cloud-security-podcast-s01e10/ Articles Abusing Registries For Exfil And Droppers - https://www.antitree.com/2021/10/abusing-registries-for-exfil-and-droppers/  Kaspersky...

GitHub Actions Security Best Practices, TeamTNT Malicious Docker Image, AWS WF Bug, NPM Malware, Discourse SNS RCE

October 26, 2021 10:00 - 7 minutes - 5.39 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Team TNT Deploys Malicious Docker Image On Docker Hub - https://www.uptycs.com/blog/team-tnt-deploys-malicious-docker-image-on-docker-hub-with-pentesting-tools  Attacking and Securing CI/CD Pipeline - https://speaker...

Kubernetes Notebooks and checklists, K8 Hacking Book, GitHub Actions Vulnerability, TwitchLeak analysis, Azure Priv Esc

October 18, 2021 22:00 - 7 minutes - 5.04 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Automating the deployment of Sysmon for Linux and Azure Sentinel in a lab environment - https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/28470...

Google VRP Bugs, NSG Flow Logs,GCP Org Policies, NSA Kubernetes Hardening Guidance, Teams are Just Networks

October 11, 2021 21:00 - 6 minutes - 4.61 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles kdigger: a Context Discovery Tool for Kubernetes - https://blog.quarkslab.com/kdigger-a-context-discovery-tool-for-kubernetes.html Azure AD and Windows Hello: SSO to on-premise resources - https://katystech.blog/2021...

Azure AD Logon Brute Force, Trystero, IAMVulnerable, RBAC in Kubernetes, Ransom Risk MGMT in AWS

October 03, 2021 16:00 - 7 minutes - 5.09 MB

Cloud Security Podcast – S01E05 URLs Only Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Introducing the Ransomware Risk Management on AWS Whitepaper - https://aws.amazon.com/blogs/security/introducing-the-ransomware-risk-management-on-aws-whitepaper/   Config...

WorkSpace RCE, M365 Basic Auth Disabled, VMware vCenter cve-2021-22005, ZeroTrust Kubernetes

September 26, 2021 20:00 - 8 minutes - 5.81 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Basic Authentication for All Exchange Online Tenants Stops in October 2022 - https://office365itpros.com/2021/09/24/basic-authentication-exchange-online-tenants-stops-october-2022/ AWS WorkSpaces Remote Code Executio...

OMIGOD, Travis CI Vuln, M365 Mitre Attack, FWD:CloudSec

September 20, 2021 23:00 - 8 minutes - 5.67 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution - https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution; https://github.com/horizon3ai/CVE-2021-38647 Office...

Azurescape, GCP Vuln, Cloud Ransomware, JIRA RCE, gcpHound

September 13, 2021 20:00 - 8 minutes - 5.88 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles I Analysed 100+ Cloud Job Descriptions: Here's What I Discovered - https://www.youtube.com/watch?v=IjYo-LS6lVY IAM Vulnerable - An AWS IAM Privilege Escalation Playground - https://labs.bishopfox.com/tech-blog/iam-vu...

Free CA, AWS Priv Esc, Enum, Hopper, Vault AppRole, AWS Cert Challange

September 06, 2021 20:00 - 11 minutes - 7.64 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597 Articles Backdoor Office 365 and Active Directory - Golden -SAML - https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html More than 10% of Firebase databases are open and exposing data – https://therecord.m...

ChaosDB, S3 threat model, Attacking Azure AD, Illogical Apps

August 30, 2021 16:00 - 6 minutes - 4.26 MB

Intro Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. News ChaosDB - https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases How to contact Google SRE: Dropping a shell in cloud SQL - https://offensi.com/2020/08/18/how-to-contact-google-sre-dropping-a-shell-in-cloud-sql/ EC2 IPV6 - https://twitter.com/0xdabbad00/status/1430597907057549315 BHUSA 20...

Twitter Mentions

@0xdabbad00 1 Episode
@donkersgood 1 Episode
@microsoftpress 1 Episode
@jamesoff 1 Episode
@divinetechygirl 1 Episode
@ryanaraine 1 Episode
@vanhybrid 1 Episode
@peter_szilagyi 1 Episode
@devansh3008 1 Episode
@rodtrent 1 Episode
@jeffbarr 1 Episode
@simonholdorf 1 Episode
@netspi 1 Episode
@fallontonight 1 Episode
@zoph 1 Episode