/tags/cloudsecurity/Recent content in CloudSecurity on SecurosisHugoen-usThu, 09 Jan 2025 17:00:00 +0000/research/howto/security-invariants/Thu, 09 Jan 2025 17:00:00 +0000/research/howto/security-invariants/<p><em><strong>Note:</strong> This post has been revised to include the new capabilities released by AWS prior to re:Invent 2024.<br> You can also check out the re:Invent presentation we did with Securosis: &ldquo;Security invariants: From enterprise chaos to cloud order&rdquo; <a href="DEV401_Security-invariants-From-enterprise-chaos-to-cloud-order.pdf">slides</a> - <a href="https://www.youtube.com/watch?v=aljwG4N5a-0">video</a></em></p>/research/howto/awsbackup/Tue, 05 Sep 2023 09:23:37 -0400/research/howto/awsbackup/<p>tl;dr - here is a <a href="https://github.com/primeharbor/pht-awsbackup-management">link to the scripts</a></p> <h2 id="what-ransomware-in-aws-looks-like">What Ransomware in AWS looks like</h2> <p>In a typical ransomware attack, a threat actor will attempt to encrypt files on critical machines belonging to the victim. In exchange for a cryptocurrency payment, the threat actor will provide the decryption key and software to the victim, who then has to go through the arduous process of restoring their machines. The encrypted data is typically lost forever if the victim refuses to pay the ransom.</p>/research/howto/aws-identity-center-google-v2/Sun, 25 Jun 2023 18:25:26 -0400/research/howto/aws-identity-center-google-v2/<blockquote> <p>This is a revised version of the original post <a href="blog/aws-identity-center-google/">Leveraging AWS SSO (aka Identity Center) with Google Workspaces</a> based on the new announcement <a href="https://aws.amazon.com/about-aws/whats-new/2023/06/aws-iam-identity-center-automated-user-provisioning-google-workspace/">AWS IAM Identity Center now supports automated user provisioning from Google Workspace</a> The original post is still valid, and in someways may be better, but this version has it&rsquo;s own advantages.</p> </blockquote> <p>Setting up <a href="https://aws.amazon.com/iam/identity-center/">AWS IAM Identity Center (successor to AWS Single Sign-On)</a>, hereafter called AWS SSO (because I have to pay AWS for egress on this site), is an excellent service to help you get rid of IAM users and enforce identity best practices around second-factor authentication, on and off-boarding employees, and assigning the right level of access depending on job function.</p> <p>Companies using Google Workspaces for email and collaboration can also leverage their Google accounts to access AWS via AWS SSO. The process isn&rsquo;t clearly documented, and the provisioning support isn&rsquo;t integrated, so here is a post to help you set it all up.</p>/research/howto/aws-identity-center-azuread/Tue, 16 May 2023 20:33:45 -0400/research/howto/aws-identity-center-azuread/<p>Setting up <a href="https://aws.amazon.com/iam/identity-center/">AWS IAM Identity Center (successor to AWS Single Sign-On)</a> henceforth called AWS SSO (because AWS charges for egress), is an excellent service to help you get rid of IAM users and enforce identity best practices around second-factor authentication, on and off-boarding employees, and assigning the right level of access depending on job function.</p>