21708
🙌🏻 No Piracy/ No Spam. 🙏🏻 https://whatsapp.com/channel/0029Va50ME50LKZ6EzfdfI0E Buy Advertising Space 👇 https://telega.io/c/hacking_group_channel
🚨New Amazon EKS Security Workshop ! 🚨
ℹ️ You can run it yourself in a sandbox/testing account in your organization or you can run it on AWS events, where AWS provide the accounts.
The topics in this workshop is catered towards commonly asked Amazon EKS Security features by customers, and will help you to quickly get-started with Amazon EKS Security.
This workshop is catered towards use cases, requirement and ask that most of our customers have demanded as part of Amazon EKS Immersions done in the past.
📍Identity and Access Management
📍Pod Security
📍Tenant Isolation
📍Auditing and logging
📍Network security
📍Data encryption & secrets Mgmnt
📍Runtime security
📍Infrastructure Security
📍Regulatory Compliance
Incident response and forensics
Image security
https://catalog.us-east-1.prod.workshops.aws/workshops/165b0729-2791-4452-8920-53b734419050/en-US?es_id=42113a33e2
🟢
🚨*69 Ways to F*** Up Your Software Deployment CI/CD Pipeline*🚨
ℹ️_Co-authored by Kelly Shortridge and Ryan Petrich_
We hear about all the ways to make your deploys so glorious that your pipelines poop rainbows and services saunter off into the sunset together. But what we don’t see as much is folklore of how to make your deploys suffer.1
Where are the nightmarish tales of our brave little deploy quivering in their worn, unpatched boots – trembling in a realm gory and grim where pipelines rumble towards the thorny, howling woods of production? Such tales are swept aside so we can pretend the world is nice (it is not).
To address this poignant market painpoint, we created this compendium of possible deployment "screwups" to help mortals avoid pain and pandemonium in the future. We structured the post into 10 themes of "screwups" plus the singularly horrible "screwup" of manual deployments. (And needless to say, the language within is not PG-rated).
The ten themes of deployment "screwups" are:
* Identity Crisis
* Loggers and Monitaurs
* Playing with Deployment Mismatches
* Configuration Tarnation
* Statefulness is Hard
* Net-not-working
* Rolls and Reboots
* Disorganized Organization
* Business Illogic
* The Audacity of Spacetime
From there, we offer reasons A through Z of why manual deploys constitute the worst "screwup" of all. I know all of us are Very curious to hear whether you've lived through any of these "screwups" or if there are other haunting deployment tales you wish to share.
🚨🔒 𝗖𝗹𝗼𝘂𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 - 𝗔𝘁𝘁𝗮𝗰𝗸𝘀 (𝗔𝗪𝗦 & 𝗔𝘇𝘂𝗿𝗲) 🔒🚨
Common cloud security attacks for AWS and Azure in this overview, featuring a list of attack vectors compiled by Joas A Santos. This document highlights various threats, including privilege escalation, resource injection, and phishing, along with tools and methods to improve your cloud security.
🔴*Notable attacks covered include*:🔴
🔒 Privilege Escalation to SYSTEM in AWS VPN Client
💻 AWS WorkSpaces Remote Code Execution
🐫 Resource Injection in CloudFormation Templates
💾 Exploring AWS EBS Snapshots
🔫 Weaponizing AWS ECS Task Definitions for Credential Theft
🎭 Golden SAML Attack in Azure
Credit: Joas A Santos
🌩️ Follow these seven essential tips to protect your cloud
infrastructure:
1️⃣ Implement Strong Access Controls: Use multi-factor authentication (MFA) and role-based access control (RBAC) to limit user access based on job responsibilities, reducing the attack surface.
2️⃣ Monitor and Audit Regularly: Set up continuous monitoring and logging to detect suspicious activity. Utilize native tools provided by AWS (e.g., GuardDuty, CloudTrail) or Azure (e.g., Azure Security Center, Azure Monitor) to analyze logs and detect potential threats.
3️⃣ Encrypt Data at Rest and in Transit: Use built-in encryption features or third-party tools to protect sensitive data, both at rest and during transmission.
4️⃣ Update and Patch Regularly: Keep your infrastructure up-to-date by applying patches and updates promptly. Enable automatic updates when possible.
5️⃣ Secure Cloud Storage: Configure secure access controls and bucket policies for cloud storage. Regularly review permissions, limit public access, and use AWS S3 Block Public Access or Azure Blob Storage Service Firewall to restrict access.
6️⃣ Implement Network Security Best Practices: Set up firewalls, configure security groups, and use network access control lists (NACLs) to control traffic. Implement a virtual private cloud (VPC) in AWS or a virtual network in Azure for added protection.
7️⃣ Conduct Regular Security Assessments: Perform vulnerability assessments and penetration testing to identify and fix security gaps. Use tools like AWS Inspector or Azure Security Center's Secure Score for insights into your security posture.
https://github.com/paralax/awesome-cybersecurity-internships
Читать полностью…
🔥 Telegram bot for monitoring/searching new CVE & PoCs
🤖 @pocfather_bot can provide:
✔️ Monitoring new CVE (using filters)
✔️ Monitoring new PoCs (using filters)
✔️ CVE related info
✔️ CVE search
✔️ PoCs search
CVE/PoC monitoring modes:
⭕️ CVE/Level
⭕️ CVE/Keywords
⭕️ PoC/Keywords
⭕️ PoC/Vendor Products
@pocfather_bot
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Читать полностью…
https://expel.com/blog/kubernetes-security-what-to-look-for/
Читать полностью…
https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
Читать полностью…
https://www.opensecuritytraining.info/Training.html
the older version of site which has more content
🟢
🚨*Cybersecurity Incident & Vulnerability Response Playbooks by Cybersecurity and Infrastructure Security Agency*🚨
☠ ‼️When to use this playbook ?
Use this playbook for incidents that involve confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out.
‼️*For example*:‼️
⏭️ Incidents involving lateral movement, credential access, exfiltration of data
⏭️ Network intrusions involving more than one user orsystem
⏭️ Compromised administrator accounts
This playbook does not apply to activity that does not appear to have such major incident potential, such as:
⏭️ “Spills” of classified information or other incidents that are believed to result from unintentional behavior only
⏭️ Users clicking on phishing emails when nocompromise results
⏭️ Commodity malware on a single machine or lost hardware that, in either case, is not likely to resultin demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.
‼️*👨✈️ INCIDENT RESPONSE PLAYBOOK* ‼️
This playbook provides a standardized response process for cybersecurity incidents and describes the process and completion through the incident response phases as defined in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 Rev. 2,5 including preparation, detection and analysis, containment, eradication and recovery, and post-incident activities.
This playbook describes the process FCEB agencies should follow for confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out.
⏭️ Incident response can be initiated by severaltypes of events, including but not limited to:
⏭️ Automated detection systems or sensoralerts
⏭️ Agency user report
⏭️ Contractor or third-party ICT service provider report
⏭️ Internal or external organizational component incident report or situationalawareness update
⏭️ Third-party reporting of network activity toknown compromised infrastructure, detectionof malicious code, loss of services, etc.
⏭️ Analytics or hunt teams that identify potentially malicious or otherwise unauthorized activity
*Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service*
*The attacks caused a Denial of Service (DoS) that made NPM unstable with sporadic “Service Unavailable” errors.
*Malicious campaigns targeting open-source ecosystems are causing a flood of spam, SEO poisoning, and malware infection.
*The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems’ good reputation on search engines.
*The campaigns included a malware infection campaign, a referral scam campaign linked to AliExpress, and a crypto scam campaign targeting Russian users on Telegram.
Checkmarx research team led by Jossef Harush Kadouri worked relentlessly to analyze those attacks.
The scale of this campaign is significant. The load caused NPM to become unstable with sporadic “Service Unavailable” errors.
The battle against threat actors poisoning our software supply chain ecosystem continues to be challenging, as attackers constantly adapt and surprise the industry with new and unexpected techniques.
Working together to keep the eco system safe
Medium Article: https://lnkd.in/d22y7tig
Do you enjoy reading this channel?
Perhaps you have thought about placing ads on it?
To do this, follow three simple steps:
1) Sign up: https://telega.io/c/hacking_group_channel
2) Top up the balance in a convenient way
3) Create an advertising post
If the topic of your post fits our channel, we will publish it with pleasure.
https://www.bitestring.com/posts/2023-03-19-web-fingerprinting-is-worse-than-I-thought.html
Читать полностью…
https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html
Читать полностью…
https://www.yassineaboukir.com/blog/exploitation-of-an-SSRF-vulnerability-against-EC2-IMDSv2/
Читать полностью…
VulnPlanet - Well-structured vulnerable code snippets with fixes for Web2, Web3, API, Mobile (iOS and Android) and Infrastructure-as-Code (IaC)
Do you have great vuln code examples with fixes? Don't hesitate to open the PR :)
https://github.com/yevh/VulnPlanet