
whip_lash : cloud   55

Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments | GitLab
This post does not outline any new vulnerabilities in Google Cloud Platform but outlines ways that an attacker who has already gained an unprivileged foothold on a cloud instance may perform reconnaissance, privilege escalation and eventually complete compromise of an environment.
cloud  gcp  pentest  redteam  privilegeescalation  privesc  pentesting 
7 days ago by whip_lash
Announcing General Availability of CloudSploit by Aqua for GCP
Aqua Security announced the general availability of CloudSploit by Aqua for Google Cloud Platform (GCP). This release comes after an extended beta program, during which we worked closely with our customers to develop and deliver a robust set of out-of-the-box policies for GCP. This release also includes a Center for Internet Security (CIS) benchmark certification for GCP.
gcp  security  tool  cloud 
4 weeks ago by whip_lash
BeyondProd: A new approach to cloud-native security  |  Documentation  |  Google Cloud
In this whitepaper, we provide details on how several pieces of Google’s infrastructure work together to protect workloads, in an architecture that is now known as "cloud-native". For an overview of Google’s security, see the Security Infrastructure Design whitepaper.
security  architecture  cloud  google  beyondprod  zero-trust  secops 
8 weeks ago by whip_lash
Announcing the Cloud Native Security Hub | Sysdig
Standardized infrastructure enables sharing application resources across entities. We are taking advantage of this with the Cloud Native Security Hub.
cloud  security 
12 weeks ago by whip_lash
shuaibiyy/awesome-terraform: Curated list of resources on HashiCorp's Terraform
Terraform enables you to safely and predictably create, change, and improve production infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
terraform  automation  cloud 
september 2019 by whip_lash
Forseti Security / About
Forseti Security is a collection of community-driven, open-source tools to help you improve the security of your Google Cloud Platform (GCP) environments. Forseti consists of core modules that you can enable, configure, and execute independently of each other. Community contributors are also developing add-on modules to offer unique capabilities. Forseti’s core modules work together, and provide a foundation that others can build upon.
forseti  gcp  cloud  security 
august 2019 by whip_lash
cloud-custodian/cloud-custodian: Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

Custodian policies are written in simple YAML configuration files that enable users to specify policies on a resource type (EC2, ASG, Redshift, CosmosDB, PubSub Topic) and are constructed from a vocabulary of filters and actions.

It integrates with the cloud native serverless capabilities of each provider to provide for real time enforcement of policies with builtin provisioning. Or it can be run as a simple cron job on a server to execute against large existing fleets.
aws  gcp  cloud  compliance  security 
july 2019 by whip_lash
Cloudgoat 2 Walkthrough - Part Five ·
This is the final part of a five part series exploring CloudGoat 2, a “vulnerable by design” AWS deployment tool from Rhino Security Labs, which is a great resource for learning about performing pen tests on AWS environments and, by proxy, defending your own accounts from the same issues.
aws  cloud  cloudgoat  ctf 
july 2019 by whip_lash
Serverless Microservice Patterns for AWS - Jeremy Daly
I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.
architecture  aws  cloud  lambda  serverless  microservices 
june 2019 by whip_lash
Google Cloud Platform Fundamentals for AWS Professionals | Coursera
This accelerated 6-hour course with labs introduces AWS professionals to the core capabilities of Google Cloud Platform (GCP) in the four technology pillars: networking, compute, storage, and database. It is designed for AWS Solution Architects and SysOps Administrators familiar with AWS features and setup and want to gain experience configuring GCP products immediately. With presentations, demos, and hands-on labs, participants get details of similarities, differences, and initial h...
google  gcp  cloud  course 
may 2019 by whip_lash
Cloud Posse · GitHub
terraform  cloud  devops 
may 2019 by whip_lash
AWS Elastic Beanstalk – Deploy Web Applications
You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.

There is no additional charge for Elastic Beanstalk - you pay only for the AWS resources needed to store and run your applications.
aws  cloud  infrastructure  beanstalk 
may 2019 by whip_lash
Terraform: What modules by a specific creator do you prefer to use? Or do you prefer to create your own? : devops
Anything made by cloudposse is very good quality. While I couldn't use every module as-is, it's still very useful to see how they implement functionalities
terraform  devops  cloud 
may 2019 by whip_lash
AWS Fargate - Run containers without having to manage servers or clusters
AWS Fargate seamlessly integrates with Amazon ECS. You just define your application as you do for Amazon ECS. You package your application into task definitions, specify the CPU and memory needed, define the networking and IAM policies that each container needs, and upload everything to Amazon ECS. After everything is setup, AWS Fargate launches and manages your containers for you.
aws  cloud  containers  docker 
may 2019 by whip_lash
TryHackMe | awspentesting
This room will look at how to carry out penetration testing in the AWS Cloud Environment.
aws  pentest  cloud  security 
may 2019 by whip_lash
New – AWS Systems Manager Session Manager for Shell Access to EC2 Instances | AWS News Blog
Today we are adding a new option for shell-level access. The new Session Manager makes the AWS Systems Manager even more powerful. You can now use a new browser-based interactive shell and a command-line interface (CLI) to manage your Windows and Linux instances.
aws  cloud  shell 
april 2019 by whip_lash
AWS Risk Model
An expert forecasting session recorded the judgements of these experts for each AWS configuration. These are then transformed into a statistical model representing their beliefs as an entire panel.
aws  risk  InfoSec  cloud 
april 2019 by whip_lash
The Cloud Is Just Someone Else's Computer
Given the prevalence and maturity of cloud providers, it's even a little controversial these days to colocate actual servers, but we've also experimented with colocating mini-pcs in various hosting roles. I'm still curious why there isn't more of a cottage industry for colocating mini PCs. Because … I think there should be.
cloud  hardware  hosting 
february 2019 by whip_lash
GitHub - proxycannon/proxycannon-ng: A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
We've created an on-demand proxy tool that leverages cloud environments giving a user the ability to source (all) your traffic from an endless supply of cloud based IP addresses. Think of it as your own private TOR network for your redteam and pentest engagements.
proxy  pentest  cloud 
february 2019 by whip_lash
A deep dive into the AWS network – Txens
If the way about how to implement your network within AWS is well documented, the AWS network itself is not documented at all and we have to merge several sources of information to get a good overview of its design. That’s what this blog post is about.
aws  cloud  networking 
january 2019 by whip_lash
CLI for Ephemeral Penetration Testing: hideNsneak
This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.
terraform  pentest  c2  cloud 
october 2018 by whip_lash
UsefulScripts/ at master · chrismaddalena/UsefulScripts · GitHub
This script performs the necessary actions for collecting the latest IP addresses used by Amazon
Web Services, Google Compute, and Microsoft Azure. At the end, all IP addresses are output to
a CloudIPs.txt file. Each range is printed on a new line following a header naming the provider.
As discussed at
aws  azure  github  cloud 
september 2018 by whip_lash
Cyberduck | Libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox
Cyberduck is a libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox.
aws  cloud  storage  s3  tool 
july 2018 by whip_lash
open-guides/og-aws: 📙 Amazon Web Services — a practical guide
This guide is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.
amazon  aws  cloud  github  guide 
july 2018 by whip_lash
Hiding Secrets in Terraform
Unfortunately, in order to set up most of these services you need usernames and passwords to be set - and since you can potentially change these passwords via Terraform then it stands to reason that Terraform is going to need to be able to compare your old credentials with possible new ones.

To facilitate this it stores all settings, including usernames, passwords, port numbers and literally everything else in these tfstate files, in plain text.

This wasn’t something I’d have expected as the default behaviour. The documentation does suggest that you use a thing called Remote State (more on that later)
terraform  cloud  aws  passwords 
july 2018 by whip_lash
This application assists in managing attack infrastructure by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.
github  cloud  pentest  security 
june 2018 by whip_lash
CS349D Cloud Computing Technology, Autumn 2017
This research seminar will cover industry and academic work on cloud computing and survey key technical issues.
cloud  class  learning 
december 2017 by whip_lash
Rethinking the guest operating system []
OSv is thus designed from the beginning to run under KVM (ports to other hypervisors are in the works), so it does not have to drag along a large set of device drivers. It is designed to run a single application, so a lot of the mechanisms found in a Unix-like system have been deemed to be unnecessary and tossed out.
cloud  virtualization 
september 2013 by whip_lash
Dell’s Boomi Buy: Here’s What It Means: Cloud «
With its own Virtual Integrated System software and Joyent partnership, Dell has shown a willingness to embrace the idea of hybrid cloud computing. Both products – albeit through very different approaches – allow customers to manage both on-premise and cloud-based resources as a single pool, through a single product.
november 2010 by whip_lash
Apple Looks to a New Computing Era -
In other words, don’t expect a DVD slot in your next Mac laptop, or your next desktop computer for that matter.

Apple hopes to replace those discs with a fluffy white iCloud, where software, music, video and your own personal content fly around in the air like happy seagulls at the beach.
apple  cloud 
november 2010 by whip_lash
Use SUSE Studio to Build a Linux OS From Scratch - SUSE Studio - Lifehacker
Think you can make a better fast-booting, Chrome-focused OS than Google? Want to craft a custom Linux system that boots from a USB stick? SUSE Studio gives you 15 GB to do exactly that, and you do it all online.
linux  diy  virtualization  cloud 
september 2009 by whip_lash