Ramesh.8901

👿 𝐇𝐢𝐣𝐚𝐜𝐤𝐢𝐧𝐠 𝐀𝐦𝐚𝐳𝐨𝐧 𝐄𝐯𝐞𝐧𝐭𝐁𝐫𝐢𝐝𝐠𝐞 𝐟𝐨𝐫 𝐥𝐚𝐮𝐧𝐜𝐡𝐢𝐧𝐠 𝐂𝐫𝐨𝐬𝐬-𝐀𝐜𝐜𝐨𝐮𝐧𝐭 𝐚𝐭𝐭𝐚𝐜𝐤𝐬 Square's Ramesh Ramani describes six attack patterns leveraging EventBridge's cross-account capabilities for infiltration and exfiltration. AWS EventBridge is a serverless event bus service that enables powerful integrations across multiple AWS accounts. The attacks: 1. Persistent beaconing 2. Command and control 3. Reconnaissance 4. Data smuggling 5. Account hopping 6. API borrowing The post provides code examples for each attack and recommends multi-layered security controls, including Service Control Policies, IAM permissions, EventBridge resource policies, VPC endpoints with restrictive policies, and event content validation, along with detection strategies using CloudWatch, CloudTrail, and behavioral analytics. developer.squareup.com/blog/hijacking… #cybersecurity

🛎️ AWS Security Digest 216 is out! 1️⃣ AWS Account ID Enumeration Through Root User MFA by Michael Magyar 2️⃣ Hijacking Amazon EventBridge for launching Cross-Account attacks by Ramesh Ramani 3️⃣ Sign in with your eID: Using AWS IAM Roles Anywhere with a SmartCard Reader by Ben Bridts 4️⃣ The Future of Threat Emulation: Building AI Agents that Hunt Like Cloud Adversaries by Eduard Agavriloae 5️⃣ Profiling TradeTraitor: Tactics, History & Defenses Bonus: Stealthy Persistence in AWS - A Practical Simulation for Defenders awssecuritydigest.com/past-issues/aw…

Learn how attackers can misuse Eventbridge and how you can protect your company from these attacks! We at Block present - Hijacking Amazon EventBridge for launching Cross-Account attacks developer.squareup.com/blog/hijacking… @BlockEng @SquareDev #CloudSecurity #awssecurity #mitreattack

🔎 Threat Hunting with #Kubernetes Audit Logs by @square Using ATT&CK for Containers * Execution: Finding repeated exec failures * Persistence: Unusual cronjob creation failures * PrivEsc: Users being given "cluster-admin" access * + more developer.squareup.com/blog/threat-hu…

The promised part 2️⃣ of Threat Hunting with Kubernetes Audit Logs is here! @8901Ramesh explains how to use the @MITREattack Framework to hunt for attackers in your @kubernetesio audit logs 🎯 #CNCF #Kubernetes developer.squareup.com/blog/threat-hu…

@OphirHarpaz @malwareunicorn @maddiestone @ramimacisabird @chompie1337 @dguido @efrowning @defcon @RandomDhiraj @jleyden @BlackHatEvents @mrinal @jupenur @joshva_jebaraj @jcfarris Threat Hunting with #Kubernetes Audit Logs developer.squareup.com/blog/threat-hu… @nevalau IDE for Kubernetes github.com/nevalla/lens-r… Protect domains that do not send email gov.uk/guidance/prote… @chompie1337 Kernel Pwning with eBPF: a Love Story graplsecurity.com/post/kernel-pw…

@Caltrain this is the second day in a row that train 221 is delayed due to "mechanical issues" . Yesterday by 24 minutes and today by 15 minutes. Why are there constants issues/delays?