Publications and Presentations by Teri Radichel — Teri Radichel is a professional cybersecurity speaker, trainer, and author. The following are links to some of her past presentations, articles, blog posts, books, and security classes. …

ACM.33 Limiting the Confused Deputy Attack in IAM Policies — This is a continuation of my series on Automating Cybersecurity Metrics. In the post on the confused deputy problem I referred to the IAM documentation that explains how to limit the ability for a user to assume a role with a IAM Policy like this: Confused Deputy Attack in IAM, Resource, and AssumeRole Policies ACM.31: Considering how an attacker could abuse role templatesmedium.com

ACM.32 Preventing the Confused Deputy Attack in Batch Job Roles — This is a continuation of my series on Automating Cybersecurity Metrics. I wrote about the Confused Deputy Attack in the last post and how it could affect the Batch Job Role we created with the option to pass in any ARN. Confused Deputy Attack in IAM, Resource, and AssumeRole Policies ACM.31: Considering how an attacker could abuse role templatesmedium.com

ACM.31: Considering how an attacker could abuse role templates — This is a continuation of my series on Automating Cybersecurity Metrics. Before we go any further in this series we want to take a look at a potential threat when using our roles, and especially cross-account or service roles. This security problem is known as the Confused Deputy in AWS…

Errors trying to run git filter-repo — invert-paths — I’ve been working this series of blog post and noticed that some .swp files got into my github repo. I wanted to remove them. When you simply delete a file and check in your code again, the file is not completely gone. …

ACM.30 Allowing an IAM admin to run IAM-related batch jobs — This is a continuation of my series on Automating Cybersecurity Metrics. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTE: I explain the security problems with approach below here. Confused Deputy Attack in IAM, Resource, and AssumeRole Policies ACM.31: Considering how an attacker could abuse role templatesmedium.com If you are using this approach in any of your CloudFormation templates for IAM Roles you might want to consider changing it as I have done here:

Editing and unchecking the box to only include the current region doesn’t pull in data from other regions — CloudTrail Lake was announced in January 2022 so it is a newer feature of AWS. Hopefully this issue will get fixed by the time you read this. Checkbox to include only current region or all has a glitch When you uncheck the “Include only the current region” box for an…

IAM Actions in CloudTrail missing in CloudTrail Lake Queries — I’m writing a blog post about how to create zero trust IAM policies and at this point it feels like AWS doesn’t want me to write zero trust policies. As I learned at Capital One: Assume good intentions. I already explained how I couldn’t use Athena with CloudTrail when using…

ACM.29: Creating a unique policy for batch jobs whose roles are created with a common CloudFormation template. — This is a continuation of my series on Automating Cybersecurity Metrics. In this post we’re going to add a policy for a role created with a common role template. As explained earlier, we can use the same role CloudFormation template to deploy different roles or our batch jobs. A Role for Automated Credential Deployments ACM.20 Implementation of an AWS IAM role to deploy batch job credentialsmedium.com