☁️ AWS Network Firewall egress filtering can be easily bypassed By by spoofing the destination host name Thus, an attacker inside your VPC can still exfiltrate data canglad.com/blog/2023/aws-…

I love the ja3 callout. I hope they integrate with ja4 soon, it’s soo much better.

The HugOps Song was written for such a time as this. Hugs to CrowdStrike, but even more so to the IT teams around the world dealing with the fallout of this outage.

🤩 HVL! 🔥 🇺🇸 Her goal for #Paris2024 - Get buckets, Get Gold! 🥇 #3x3Basketball #Olympics

🪿 Excited to work again with Tracebit - this time on real world attacks and the role canaries could play in their detection! ft. Scattered Spider (Permiso Security), Muddled Libra, and a ransomware event shared fwd:cloudsec tracebit.com/blog/canary-in… Diagrams in thread...

My Methodology to AWS Detection Engineering (Part 1: Object Selection) Chester Le Bron walks through how to apply risk based concepts to AWS detection engineering. chesterlebron.blogspot.com/2024/08/my-met…

AWS has released functionality to make IAM api calls over VPC Endpoints! This unblocks a long standing problem for bypassing the InstanceCredentialExfiltration GuardDuty finding! aws.amazon.com/about-aws/what…

🐐‼️

Check out the next part in my blog series on detection engineering for AWS. This part focuses on core logic of score assignment in RBA but full disclosure, this is not exclusive to AWS but is an important necessity before getting into Part Three 👀. chesterlebron.blogspot.com/2024/08/my-met…

Catalog network and host artifacts associated with various EDR products "shell" and response functionalities github.com/cbecks2/edr-ar…

📖 CloudSecList Issue 253 just got released, w/ content from Trail of Bits Paul Butler @OrcaSec Rami McCarthy and more! cloudseclist.com/issues/issue-2…

D'oh, so you leaked your AWS credentials 🤦‍♂️ Does it matter 𝐰𝐡𝐞𝐫𝐞? It turns out there's a HUGE difference in how fast attackers will find them. Idan Ben Ari deployed canary tokens (fake AWS credentials) using Thinkst Canary to a number of different locations and analyzed:

This article appeared in issue 172 of the AWS Security Digest newsletter. awssecuritydigest.com/past-issues/aw… Get the latest AWS security research, news, and technical updates in your email inbox. Subscribe at awssecuritydigest.com

Getting a mention in tldrsec newsletter is so dope. One of my favorite reads every week.

FEVER ARE HEADING TO THE PLAYOFFS IN CAITLIN CLARK’S ROOKIE YEAR 🚨🤯 Postseason drought is officially over in Indiana 😤

🤖 tl;dr sec 246 🗡️ GitHub Actions Attack Diagram Adnan Khan 🤫 The Worst Places to Leak Secrets 😈 Red Team TTPs 🧠 Security Awareness & Secure Coding Tanya Janca 🤖 Tech behind @Semgrep Assistant ☁️ Cloud infra the wrong way, but faster Trail of Bits

My Methodology to AWS Detection Engineering (Part 2: Risk Assignment) by Chester Le Bron Part 1 appeared in issue 171 and was the most clicked article despite being in the bonus section with no summary. In part 2, Chester covers the key components that make up his "risk assignment

🛎️ AWS Security Digest 174 is out! 1️⃣ Eleventeen ways to delete an AWS resource by Rami McCarthy and Daniel Grzelak 2️⃣ AWS vs Azure: A “Secure by default” comparison by Stefan Tita 3️⃣ Implementing CNAPP: Key Considerations for Success by naman16 Bonus: The Challenges of API

Being "nice" is hurting your leadership - Nice leaders want to be liked. Kind leaders build trust Choose the harder path. Be kind. Please repost to help others out there! ♻️