Valuable cloud security scenarios to think through, leveraging the Handlebars templating engine for local file read or RCE, check your GKE cluster against CIS.
How AWS secures Lambda, Daniel Miessler's overview of @TomNomNom's recon tools, how to demonstrate high impact when you can't see the SSRF response.
[tl;dr sec] #67 - Infra as Code, Cloud Auto-remediation
A tool to create IaC from an existing AWS environment, container defense-in-depth with user namespaces, rewriting things in Rust.
Scott Piper shares how he'd attack AWS, a survey of infra as code scanning tools, free workshop on server-side template injection.
Techniques for initial access, recon, lateral movement, and exfil of AWS accounts, along with defensive mitigations.
[tl;dr sec] #64 - Kubernetes Guide, XSS for PDFs
New OWASP security testing guide and GraphQL cheat sheet, new fuzzing research, and a tool to ease administration of complex AWS environments.
A tool to sneakily enumerate all IAM users and roles in a target AWS account, recent events in AI, and how to attack server-side renderers.
How to create effective security OKRs, scaling threat modeling in hypergrowth, engineering-driven orgs, and a browser-based internal network scanner.
Use Cartography to understand AWS permissions, tool to grok the risk of open source libraries, developers taking security into their own hands.
Attackers can remotely access any TCP/UDP service on your machine, serious bugs in many GitHub Actions, and the security value of creating easily greppable secrets.