![Dragon Cloud Security Podcast artwork](https://is3-ssl.mzstatic.com/image/thumb/Podcasts125/v4/f5/bb/79/f5bb79c8-0851-e52d-4444-ccc2c6651c3b/mza_17799935531748740141.jpg/100x100bb.jpg)
Google VRP Bugs, NSG Flow Logs,GCP Org Policies, NSA Kubernetes Hardening Guidance, Teams are Just Networks
Dragon Cloud Security Podcast
English - October 11, 2021 21:00 - 6 minutes - 4.61 MBTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Intro
Welcome Dear listeners, I’m Viktor your host and as a weekly basis I will share news, articles, techniques, tools that is related to Cloud, SaaS, IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Articleskdigger: a Context Discovery Tool for Kubernetes - https://blog.quarkslab.com/kdigger-a-context-discovery-tool-for-kubernetes.html
Azure AD and Windows Hello: SSO to on-premise resources - https://katystech.blog/2021/10/azure-ad-and-windows-hello-sso-to-on-premise-resources/
CVE-2021-26420: REMOTE CODE EXECUTION IN SHAREPOINT VIA WORKFLOW COMPILATION - https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
Understanding Azure Logs from a security perspective — Part 2 — NSG Flow Logs - https://davidokeyode.medium.com/understanding-azure-logs-from-a-security-perspective-part-2-nsg-flow-logs-3edc5c42f39a
4 Weird Google VRP Bugs in 40 Minutes - Hacktivity 2021 - https://www.youtube.com/watch?v=nP_y-Z-FXr0
AWS Backup adds an additional layer for backup protection with the availability of AWS Backup Vault Lock - https://aws.amazon.com/about-aws/whats-new/2021/10/aws-backup-backup-protection-aws-backup-vault-lock/
Time to Move Off Exchange Online DLP Policies - https://practical365.com/time-migrate-exchange-dlp-policies/
Common Conditional Access policies - https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common
How to use Azure Monitor workbooks for Azure Active Directory reports - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks
Microsoft MFA Adoption Numbers - https://twitter.com/ryanaraine/status/1446182370336403456
Drift detection tools: Terraform vs CloudFormation vs Bridgecrew - https://bridgecrew.io/blog/drift-detection-tools-terraform-vs-cloudformation-vs-bridgecrew/
$5000 Google IDOR Vulnerability Writeup - https://infosecwriteups.com/5000-google-idor-vulnerability-writeup-c7b45926abe9
A Closer Look at NSA/CISA Kubernetes Hardening Guidance - https://kubernetes.io/blog/2021/10/05/nsa-cisa-kubernetes-hardening-guidance/
Engineering Teams Are Just Networks - https://bellmar.medium.com/engineering-teams-are-just-networks-1fc16058879a
Reverse engineering and decrypting CyberArk vault credential files - https://jellevergeer.com/reverse-engineering-and-decrypting-cyberark-vault-credential-files/
Serverless Policy Enforcement: Connecting OPA and AWS Lambda - https://blog.openpolicyagent.org/serverless-policy-enforcement-connecting-opa-and-aws-lambda-e624f7176a3
Protect Your GitHub Actions with Semgrep - https://r2c.dev/blog/2021/protect-your-github-actions-with-semgrep/
Org Policies by default - https://medium.com/google-cloud/org-policies-by-default-3adc0c8925b0
Encryption with Transit Data Keys - https://medium.com/hashicorp-engineering/encryption-with-transit-data-keys-bfe5241ae194
ToolsCFN-diagram - https://github.com/mhlabs/cfn-diagram
CLI tool to visualise CloudFormation/SAM/CDK templates as diagrams.
OutroThat’s all for this episode. Thank you for listening and have a secure day!