OMIGOD, Travis CI Vuln, M365 Mitre Attack, FWD:CloudSec
Dragon Cloud Security Podcast
English - September 20, 2021 23:00 - 8 minutes - 5.67 MB - Technology
Intro
Welcome, dear listeners. I’m Viktor, your host, and on a weekly basis I will share news, articles, techniques and tools related to Cloud, SaaS and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597
Articles
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution - https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution; https://github.com/horizon3ai/CVE-2021-38647
Office365 Attacks: Bypassing MFA, Achieving Persistence and More - https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
PUBLIC SHAREPOINT SITES – THE NEW OPEN SHARES - https://zolder.io/public-sharepoint-sites-the-new-open-shares/
Rory Kubernetes Security - https://www.youtube.com/watch?v=3ulsQzRHoLk&t=15573s
Azure Sentinel – Detect Service Connection use outside of pipeline - https://securecloud.blog/2021/09/15/azure-sentinel-detect-service-connection-use-outside-of-pipeline/
Fwdsec Security Guardrails at Scale in Azure - https://www.youtube.com/watch?v=JtiLnIUmUic&t=9632s
Disaster recovery compliance in the cloud, part 2: A structured approach - https://aws.amazon.com/blogs/security/disaster-recovery-compliance-in-the-cloud-part-2-a-structured-approach/
The passwordless future is here for your Microsoft account - https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/; https://twitter.com/FallonTonight/status/1438880436185305088
Hunters Research: Detecting Obfuscated Attacker IPs in AWS - https://www.hunters.ai/blog/hunters-research-detecting-obfuscated-attacker-ip-in-aws
A Kubernetes engineer’s guide to mTLS - https://buoyant.io/mtls-guide/
AWS federation comes to GitHub Actions - https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html
Escalating Azure Privileges with the Log Analytics Contributor Role - https://www.netspi.com/blog/technical/cloud-penetration-testing/escalating-azure-privileges-with-the-log-analystics-contributor-role/
Protect your remote workforce by using a managed DNS firewall and network firewall - https://aws.amazon.com/blogs/security/protect-your-remote-workforce-by-using-a-managed-dns-firewall-and-network-firewall/
Discover sensitive Key Vault operations with Azure Sentinel - https://zimmergren.net/sensitive-key-vault-operations-with-azure-sentinel/
Policy as Code: the future is bright - https://cybercto.substack.com/p/policy-as-code-the-future-is-bright
Penetration Testing Azure for Ethical Hackers - https://twitter.com/NetSPI/status/1438564622425014274
Anatomy of a Cloud Infrastructure Attack via a Pull Request - https://goteleport.com/blog/hack-via-pull-request/
THE MAGNIFICENT ASR RULES - https://call4cloud.nl/2020/07/the-magnificent-asr-rules/#part4
HTB Sink - https://0xdf.gitlab.io/2021/09/18/htb-sink.html
Travis CI Security Bulletin - https://twitter.com/peter_szilagyi/status/1437646118700175360
Tools
oidc-auth-google-cloud - https://github.com/sethvargo/oidc-auth-google-cloud
Go365 - https://github.com/optiv/Go365
AzureHunter - https://github.com/darkquasar/AzureHunter
Outro
That’s all for this episode. Thank you for listening and have a secure day!