Published in Cloud Security · Pinned
Automating Cybersecurity Metrics (ACM)
A series of blog posts on cybersecurity metrics and security automation
GitHub repo (in progress): tradichel/SecurityMetricsAutomation (README.md at main)
Walk through the thought process of creating secure batch jobs to capture and report on cybersecurity metrics in this blog series.
Cybersecurity Metrics · 4 min read

Published in Cloud Security · Pinned
Cybersecurity Author, Teri Radichel
Publications and Presentations by Teri Radichel
Teri Radichel is a professional cybersecurity speaker, trainer, and author. The following are links to some of her past presentations, articles, blog posts, books, and security classes. …
Cloud Security · 4 min read

Published in Cloud Security · 3 hours ago
Specifying the Roles an IAM Identity Can Assume
ACM.33: Limiting the Confused Deputy Attack in IAM Policies
This is a continuation of my series on Automating Cybersecurity Metrics. In the post on the confused deputy problem I referred to the IAM documentation that explains how to limit the ability for a user to assume a role with an IAM policy like this:
Related post: Confused Deputy Attack in IAM, Resource, and AssumeRole Policies (ACM.31: Considering how an attacker could abuse role templates)
Confused Deputy · 4 min read

Published in Cloud Security · 1 day ago
Conditions and Mappings in CloudFormation Templates
ACM.32: Preventing the Confused Deputy Attack in Batch Job Roles
This is a continuation of my series on Automating Cybersecurity Metrics. I wrote about the Confused Deputy Attack in the last post and how it could affect the Batch Job Role we created with the option to pass in any ARN.
Related post: Confused Deputy Attack in IAM, Resource, and AssumeRole Policies (ACM.31: Considering how an attacker could abuse role templates)
Confused Deputy · 11 min read

Published in Cloud Security · 2 days ago
Confused Deputy Attack in IAM, Resource, and AssumeRole Policies
ACM.31: Considering how an attacker could abuse role templates
This is a continuation of my series on Automating Cybersecurity Metrics. Before we go any further in this series we want to take a look at a potential threat when using our roles, and especially cross-account or service roles. This security problem is known as the Confused Deputy in AWS…
Confused Deputy · 10 min read

Published in Bugs That Bite · 2 days ago
Removing Sensitive Files from GitHub and All Their History
Errors trying to run git filter-repo --invert-paths
I’ve been working on this series of blog posts and noticed that some .swp files got into my GitHub repo. I wanted to remove them. When you simply delete a file and check in your code again, the file is not completely gone. …
GitHub · 3 min read

Published in Cloud Security · 2 days ago
Modifying a Role CloudFormation Template to Pass in an ARN to Assume the Role
ACM.30: Allowing an IAM admin to run IAM-related batch jobs
This is a continuation of my series on Automating Cybersecurity Metrics.
NOTE: I explain the security problems with this approach in a later post: Confused Deputy Attack in IAM, Resource, and AssumeRole Policies (ACM.31: Considering how an attacker could abuse role templates). If you are using this approach in any of your CloudFormation templates for IAM roles you might want to consider changing it as I have done there.
AWS · 8 min read

Published in Bugs That Bite · 3 days ago
CloudTrail Lake All Regions Checkbox Doesn’t Work or Has a Bug; Also Switching Data Stores Bug
Editing and unchecking the box to only include the current region doesn’t pull in data from other regions
CloudTrail Lake was announced in January 2022, so it is a newer feature of AWS. Hopefully this issue will get fixed by the time you read this. Checkbox to include only the current region or all regions has a glitch: when you uncheck the “Include only the current region” box for an…
CloudTrail Lake · 5 min read

Published in Bugs That Bite · 3 days ago
CloudTrail Does Not Log IAM Access Key Actions in the Region Where Actions Were Executed (unless you happen to be in us-east-1)
IAM Actions in CloudTrail missing in CloudTrail Lake Queries
I’m writing a blog post about how to create zero trust IAM policies and at this point it feels like AWS doesn’t want me to write zero trust policies. As I learned at Capital One: Assume good intentions. I already explained how I couldn’t use Athena with CloudTrail when using…
AWS IAM · 3 min read

Published in Cloud Security · 4 days ago
Unique AWS Policy Templates for a Common Role Template
ACM.29: Creating a unique policy for batch jobs whose roles are created with a common CloudFormation template
This is a continuation of my series on Automating Cybersecurity Metrics. In this post we’re going to add a policy for a role created with a common role template. As explained earlier, we can use the same role CloudFormation template to deploy different roles for our batch jobs.
Related post: A Role for Automated Credential Deployments (ACM.20: Implementation of an AWS IAM role to deploy batch job credentials)
IAM Policy · 6 min read