recentpopularlog in

whip_lash : gcp   11

Accessing Secret Manager from Terraform | Seth Vargo
Terraform is a popular tool for managing infrastructure configurations as code, but what if your infrastructure needs secrets like API keys or credentials? Google Secret Manager is a Google Cloud service that stores API keys, passwords, certificates, and other sensitive data. It provides convenience while improving security. This post explores how to access Secret Manager secrets from Terraform.
secretmanager  security  terraform  gcp  cloud 
23 days ago by whip_lash
Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments | GitLab
This post does not outline any new vulnerabilities in Google Cloud Platform but outlines ways that an attacker who has already gained an unprivileged foothold on a cloud instance may perform reconnaissance, privilege escalation and eventually complete compromise of an environment.
cloud  gcp  pentest  redteam  privilegeescalation  privesc  pentesting 
6 weeks ago by whip_lash
Announcing General Availability of CloudSploit by Aqua for GCP
Aqua Security announced the general availability of CloudSploit by Aqua for Google Cloud Platform (GCP). This release comes after an extended beta program, during which we worked closely with our customers to develop and deliver a robust set of out-of-the-box policies for GCP. This release also includes a Center for Internet Security (CIS) benchmark certification for GCP.
gcp  security  tool  cloud 
9 weeks ago by whip_lash
4 Google Cloud Shell bugs explained – Offensi
While the Google Cloud Platform is known to be a tough target among bughunters, i was lucky enough to have some modest success in finding bugs in one of it’s services, the Google Cloud Shell.
gcp  security  pentest 
december 2019 by whip_lash
Launching the VM - Cloud Shell Script - Google Docs
Getting a GCP cloud shell if the one in the console won't launch.
december 2019 by whip_lash
Forseti Security / About
Forseti Security is a collection of community-driven, open-source tools to help you improve the security of your Google Cloud Platform (GCP) environments. Forseti consists of core modules that you can enable, configure, and execute independently of each other. Community contributors are also developing add-on modules to offer unique capabilities. Forseti’s core modules work together, and provide a foundation that others can build upon.
forseti  gcp  cloud  security 
august 2019 by whip_lash
cloud-custodian/cloud-custodian: Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

Custodian policies are written in simple YAML configuration files that enable users to specify policies on a resource type (EC2, ASG, Redshift, CosmosDB, PubSub Topic) and are constructed from a vocabulary of filters and actions.

It integrates with the cloud native serverless capabilities of each provider to provide for real time enforcement of policies with builtin provisioning. Or it can be run as a simple cron job on a server to execute against large existing fleets.
aws  gcp  cloud  compliance  security 
july 2019 by whip_lash
GKE Security Using Falco, Pub/Sub, and Cloud Functions - DZone Security
In this blog post, we will demonstrate how to build a complete GKE security stack for anomaly detection and prevent container runtime security threats. We will integrate the Falco runtime security engine with Google Cloud Functions and Pub/Sub.
gke  gcp  kubernetes  security 
june 2019 by whip_lash
Google Cloud Platform Fundamentals for AWS Professionals | Coursera
This accelerated 6-hour course with labs introduces AWS professionals to the core capabilities of Google Cloud Platform (GCP) in the four technology pillars: networking, compute, storage, and database. It is designed for AWS Solution Architects and SysOps Administrators familiar with AWS features and setup and want to gain experience configuring GCP products immediately. With presentations, demos, and hands-on labs, participants get details of similarities, differences, and initial h...
google  gcp  cloud  course 
may 2019 by whip_lash

Copy this bookmark:

to read