Release Date: 27/10/2019 | Issue: 9
"The Cloud Security Reading List" is a low-volume mailing list (once per week) that highlights security-related news focused on the cloud-native landscape, hand curated by Marco Lancini.

Knowing how difficult it is to stay up to date with all the different news and releases in this industry, I hope this will be helpful for other people who are particularly interested in this corner of the security landscape.

This week's articles

  • MITRE ATT&CK Cloud Matrix: The October 2019 ATT&CK release introduced 36 techniques covering adversary behaviour against cloud-based platforms. Three infrastructure-as-a-service platforms (AWS, Azure, and GCP) have been added, as well as two cloud software platforms, Azure Active Directory (Azure AD) and Office 365, to cover techniques against those specific platforms.
  • Swipe right for a new guide to PCI on GKE: Anyone working in a highly regulated industry like financial services has complex and challenging regulatory IT requirements to deal with, which can make it hard to adopt new technologies like containers and Kubernetes. To help ease the transition to PCI-compliant workloads on Kubernetes, Google released a PCI Compliance on GKE solution guide. This guide is intended to help address concerns unique to GKE applications in PCI-regulated environments.
  • k-rail: The Security team at Cruise recently open sourced k-rail, a webhook-based Kubernetes policy enforcement tool. The idea behind it is that, by default, the Kubernetes APIs allow for a variety of easy privilege escalation routes. When operating a multi-tenant cluster, many features can be dangerous or introduce instability and must be used judiciously. k-rail attempts to make workload policy enforcement easy in Kubernetes, even if you already have a large number of diverse workloads.
  • Introducing CloudTrail-Partitioner: If you've worked with CloudTrail, you might have experienced some pain while trying to search the logs it generates. To address this, the Duo team released cloudtrail-partitioner, which automatically organizes your CloudTrail logs in a format suitable for quick, cheap and simple querying with Athena.
  • Argo: Workflow Engine for Kubernetes: Even if you might already be familiar with the GitOps approach proposed by Argo, I found this step-by-step tutorial very interesting and thorough.
  • AWS IAM Privilege Escalation Methods: Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods that Spencer Gietzen put together.
  • Grapl - A Graph Platform For Detection and Response: Grapl is an open source platform for Detection and Response (D&R). The position that Grapl takes is that graphs provide a more natural experience than raw logs for many common D&R use cases.
  • Inspecting kubectl traffic with mitmproxy: If, for whatever reason, you were wondering how to inspect the network traffic of kubectl, then this small guide on how to use mitmproxy to snoop on kubectl requests might be for you.
Copyright © 2019 The Cloud Security Reading List, All rights reserved.