Azurescape, GCP Vuln, Cloud Ransomware, JIRA RCE, gcpHound

Dragon Cloud Security Podcast

English - September 13, 2021 20:00 - 8 minutes - 5.88 MB


Intro

Welcome, dear listeners. I’m Viktor, your host, and on a weekly basis I will share news, articles, techniques and tools related to Cloud, SaaS and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Articles

I Analysed 100+ Cloud Job Descriptions: Here's What I Discovered - https://www.youtube.com/watch?v=IjYo-LS6lVY

IAM Vulnerable - An AWS IAM Privilege Escalation Playground - https://labs.bishopfox.com/tech-blog/iam-vulnerable-an-aws-iam-privilege-escalation-playground

GODFATHER OF LOGGING - https://call4cloud.nl/2021/09/godfather-of-logging/

THE CONDITIONAL ACCESS EXPERIMENT - https://call4cloud.nl/2020/11/the-conditional-access-experiment/

THE DEATH OF COMPLIANCE - https://call4cloud.nl/2021/08/the-death-of-compliance/

RCE in Jira Service Management Server - https://github.com/PetrusViet/CVE-2021-39115

Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances - https://unit42.paloaltonetworks.com/azure-container-instances/ ; https://davidokeyode.medium.com/09-09new-azure-container-instance-vulnerability-what-to-do-188502d9ca29

Require Device Compliance for the non-primary user - https://365bythijs.be/2021/09/08/require-device-compliance-for-the-non-primary-user/

gcpHound : A Swiss Army Knife Offensive Toolkit for Google Cloud Platform (GCP) - https://desi-jarvis.medium.com/gcphound-a-swiss-army-knife-offensive-toolkit-for-google-cloud-platform-gcp-fb9e18b959b4

Accessing AZ CLI remotely via NodeJS express app - https://securecloud.blog/2021/09/07/demo-accessing-az-cli-remotely-via-nodejs-express-app/

An exciting journey to find SSRF, Bypass Cloudflare, and extract AWS metadata! - https://infosecwriteups.com/an-exciting-journey-to-find-ssrf-bypass-cloudflare-and-extract-aws-metadata-fdb8be0b5f79

How to Inject Secrets from AWS, GCP, or Vault Into a Kubernetes Pod - https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892

Automate Your Security in GCP with Serverless Computing - https://www.youtube.com/watch?v=jCQTeglIfeI

Azure Defenses for Ransomware Attack - https://azure.microsoft.com/en-us/resources/azure-defenses-for-ransomware-attack/

Cloud-Native Attacks on Availability: How Ransomware Can Follow You to the Cloud - https://www.brighttalk.com/webcast/10415/502092

Swimming past 2FA, part 2: How to investigate Okta compromise - https://expel.io/blog/swimming-past-2fa-part-2-investigate-okta-compromise/

Bypassing GCP Org Policy with Custom Metadata - https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html

Tools

AWSXenos - https://github.com/AirWalk-Digital/AWSXenos

IAM Vulnerable - https://github.com/BishopFox/iam-vulnerable

Azure Outlook C2 - https://github.com/boku7/azureOutlookC2

Outside Office Hours activity - https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Sign-in%20-%20Auditlog%20outside%20office%20hours.md

OPENCSM - https://github.com/OpenCSPM/opencspm

Magpie - https://github.com/openraven/magpie

Cloudsploit - https://github.com/aquasecurity/cloudsploit

Cloud Custodian - https://github.com/cloud-custodian/cloud-custodian

Principal Mapper - https://github.com/nccgroup/PMapper

SHAREPOINT PERMISSION AUDITING - https://www.lieben.nu/liebensraum/2021/09/sharepoint-permission-auditing/

Outro

That’s all for this episode. Thank you for listening and have a secure day!