
Azure AD Logon Brute Force, Trystero, IAMVulnerable, RBAC in Kubernetes, Ransom Risk MGMT in AWS

Dragon Cloud Security Podcast

English - October 03, 2021 16:00 - 7 minutes - 5.09 MB
Technology


Cloud Security Podcast – S01E05

URLs Only

Intro

Welcome, dear listeners. I’m Viktor, your host, and on a weekly basis I will share news, articles, techniques, and tools related to Cloud, SaaS, and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Articles

Introducing the Ransomware Risk Management on AWS Whitepaper - https://aws.amazon.com/blogs/security/introducing-the-ransomware-risk-management-on-aws-whitepaper/

 

Configuring RBAC in Kubernetes - https://kubelist.com/issue/142/

 

Breaking Azure AD joined endpoints in zero-trust environments - https://www.youtube.com/watch?v=OigKnI68Sfo

 

Detect Audit Policy Modifications with Microsoft 365 Defender - https://www.verboon.info/2021/09/detect-audit-policy-modifications-with-microsoft-365-defender/

 

Verify Container Image Signatures in Kubernetes using Notary or Cosign or both - https://medium.com/sse-blog/verify-container-image-signatures-in-kubernetes-using-notary-or-cosign-or-both-c25d9e79ec45

 

Configuring Office 365 settings using PowerShell – The non-supported way - https://evotec.xyz/configuring-office-365-settings-using-powershell-the-non-supported-way/, https://github.com/EvotecIT/O365Essentials

 

Can’t Contain Poop — Container Security CTF - https://medium.com/@pookiebear/cant-contain-poop-container-security-ctf-e0c2be4b106e

 

Undetected Azure Active Directory Brute-Force Attacks - https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks

 

Attacks on Azure AD and M365: Pawning the cloud, PTA Skeleton Keys and more - PART II - https://www.inversecos.com/2021/10/attacks-on-azure-ad-and-m365-pawning.html

 

The Trystero Project - https://labs.inquest.net/trystero

 

Integrate Azure AD logs with Azure Monitor logs - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics

 

How To Build Strong Security Guardrails in the AWS Cloud With Minimal Effort - https://markn.ca/2021/how-to-build-strong-security-guardrails-in-the-aws-cloud-with-minimal-effort/

 

Validate IAM policies in CloudFormation templates using IAM Access Analyzer - https://aws.amazon.com/blogs/security/validate-iam-policies-in-cloudformation-templates-using-iam-access-analyzer/

 

Cloud Audit Academy - https://www.aws.training/Details/eLearning?id=41556

 

Azure Service Authentication and Authorization table - https://github.com/jsa2/aad-auth-n-z/blob/main/readme.md

 

Practicing AWS security with IAMVulnerable - Part 2 and 3 - https://s3cur3.it/home/practicing-aws-security-with-iamvulnerable-part-2, https://s3cur3.it/home/practicing-aws-security-with-iamvulnerable-part-3

 

Tools

Automated Cloud Advisor - https://disneystreaming.github.io/automated-cloud-advisor/docs/start.html

 

Azure AD - Allow or block invitations to B2B users - https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Azure%20AD%20-%20B2B%20policy%20changes%20-%20AllowedDomains.md

 

Azure AD Logon Brute-Force Tools - https://github.com/knavesec/CredMaster/blob/master/plugins/azuresso/azuresso.py, https://github.com/treebuilder/aad-sso-enum-brute-spray/blob/14b2bb72fd1238552c417e22f9e799b07d33fc35/aad-sso-enum-brute-spray.ps1, https://github.com/nyxgeek/AzureAD_Autologon_Brute

 

Rover - https://github.com/im2nguyen/rover

 

Outro

That’s all for this episode. Thank you for listening and have a secure day!