It's official: I'm writing a book!
"The CloudSec Engineer" will be a book on how to enter, establish yourself, and thrive in the cloud security industry as an individual contributor.
1/
Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
User/tenant configuration choices matter when evaluating the overall security posture of an instance of Google Cloud Storage. From
☁️ How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager
How to use a third-party secrets manager as the source of truth for secrets, while replicating a subset of those secrets to AWS Secrets Manager.
☁️ gato
An enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization. From
Companies like Microsoft would have an enormous amount of leverage and control as to how their user data is used by LLM providers like OpenAI to train better models.
What leverage do small companies have? Surely they just end up trading their user data for "AI-as-a-service"?
Enforcing Device AuthN & Compliance at Pinterest
How Pinterest enforced the use of managed and compliant devices in their Okta authentication flow, using a passwordless implementation. From
Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms
A recap of privilege escalation and powerful permissions in Kubernetes, and an analysis of the ways various platforms have addressed it. From
I have an automation that searches for mentions of my websites daily, which accounts for...
5 API requests per day
Not having a free tier seems a bit extreme
Tampering User Attributes In AWS Cognito User Pools
Post explaining AWS Cognito User Attributes tampering and introducing a free lab to experiment with. From
Enhancing Kubernetes security with user namespaces
Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25. From
☁️ Classic VM retirement: extending retirement date to September 1st 2023
Microsoft extended the migration period for IaaS VMs from Azure Service Manager to Azure Resource Manager up to the 1st of September 2023.
GitHub Container Registry private repos sometimes… weren't
GHCR had an information leak bug, where names of private repos were exposed. Here's the background on how it was reported and fixed. From
☁️ AWS Cryptographic Computing for Clean Rooms (C3R)
The C3R encryption client and SDK provide client-side tooling which allows users to participate in AWS Clean Rooms collaborations leveraging cryptographic computing by pre- and post-processing data.
☁️ Mitigate OWASP API security top 10 in Azure API Management
How to protect against common API-based vulnerabilities, as identified by the OWASP API Security Top 10 threats, using Azure API Management.
Elevating Security Alert Management Using Automation
A post that describes the Brex Detection and Response Team's approach to managing and automating security alerts at scale. From
A Guide to Running Sigstore Locally
How to stand up a Sigstore deployment on your own Kubernetes infrastructure, so that you get its benefits along with the assurance of not exposing sensitive resources.
☁️ Apply policy bundles and monitor policy compliance at scale for Kubernetes clusters
Policy Controller enables the enforcement of programmable policies for Anthos clusters. This post introduces new features launched for ACM Policy Controller.
☁️ How to run AWS CloudHSM workloads in container environments
How to use Docker to develop, deploy, and run applications by using the CloudHSM SDK, and how to manage and orchestrate workloads by using tools and services like ECS, EKS, and Jenkins.
Provisioning Kubernetes clusters on GCP with Terraform
Learn how you can leverage Terraform and GKE to provision identical clusters for development, staging and production environments with a single click.
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
The Datadog Team identified a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. From
☁️ How to detect security issues in Amazon EKS clusters using Amazon GuardDuty
How to detect and investigate security issues in an EKS cluster with Amazon GuardDuty and Amazon Detective.
Crane: Uber's Next-Gen Infrastructure Stack
Post examining the original motivation and some key features behind Uber's multi-year journey to reimagine their infrastructure stack for a hybrid, multi-cloud world. From
☁️ Four phases of security transformation in financial services
Key principles that can serve as your guide when navigating a cloud security transformation journey.
My list of recommended cybersecurity news and information sources:
https://linkedin.com/pulse/my-recommendations-cybersecurity-news-information-jason-chan/…
Consider All Microservices Vulnerable - And Monitor Their Behavior
Although all deployed microservices are vulnerable, there is much that can be done to ensure microservices are not exploited.
☁️ Log Analytics in Cloud Logging is now GA
Cloud Logging's Log Analytics, with advanced search, as well as aggregation and transformation of all log data types, is now generally available.
Leaking Secrets From GitHub Actions
Different areas that could help in leaking secrets from GitHub Actions workflows: reading files and environment variables, intercepting network/process communication, and dumping memory. From