Founder/CTO @NightVision_inc. Security Researcher, OSS author. Posts on cybersecurity and cloud. Alum @Square, @Salesforce, @Synopsys |🇵🇭🇺🇸
Oct 21, 2020 • 5 tweets • 3 min read
THIS IS SO COOL.
@spookerlabs and @pr0teusbr use Cloudsplaining's IAM Risk assessment capabilities to enrich CloudTrail events so you can prioritize and identify risk classes. They even show how they use it to detect Pacu exploitation events!
🧵
tenchisecurity.com/blog/detecting…
I have to say, I never thought about Cloudsplaining being used in this way. I wrote the tool as a security assessment tool that could help you lock down IAM in your account or help pentesters quickly find which privileged roles they should target, but I didn't think about this.
Aug 7, 2020 • 23 tweets • 6 min read
A few thoughts on the $80 million fine from the Capital One Breach - a thread.
Based on public information, we know that this happened, in part, due to overly permissive AWS IAM policies that allowed s3:GetObject to * resources.
As @matthewdfuller said - probably one of the most expensive * wildcards in history.
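The wildcard the thread is talking about can be caught before it ships. The Python below is an added example (not the thread author's code and not Cloudsplaining's own logic) that walks an IAM policy document and flags any Allow statement granting s3:GetObject, or a broader pattern such as s3:* or *, on every resource. The two policy documents are constructed for the example; the action-matching uses Python's fnmatch as a stand-in for IAM's own wildcard semantics.

```python
"""Flag IAM policy statements that grant s3:GetObject on every resource.

Added illustration for the Capital One thread above. Sample policies below
are constructed, not taken from any real account.
"""
import fnmatch

# Constructed: the shape of the problem the thread describes, read on "*".
OVERLY_PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadAnyBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": "*",
        }
    ],
}

# Constructed: the same read access scoped to one bucket's objects, plus an
# explicit Deny on "*" that must not be reported as a grant.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadAppBucket",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-app-bucket/*",
        },
        {
            "Sid": "DenyEverythingElse",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*",
        },
    ],
}

# Constructed: a broader action pattern that still covers s3:GetObject.
SERVICE_WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*",
         "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-constructed"}}}
    ],
}

# Resource strings that mean "every S3 object in the account".
ALL_RESOURCES = ("*", "arn:aws:s3:::*")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_covers(pattern, action):
    """True if an IAM action pattern (e.g. 's3:*') covers a concrete action.

    IAM actions are case-insensitive and use '*' and '?' wildcards; fnmatch
    is a close enough stand-in (assumption) for those two metacharacters.
    """
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_wildcard_grants(policy, action="s3:GetObject"):
    """Return one finding per Allow statement granting `action` on all resources.

    NotAction statements are skipped here; a fuller check would treat them as
    a grant of everything not listed, which is usually broader still.
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or "NotAction" in stmt:
            continue
        granting = [a for a in _as_list(stmt.get("Action")) if action_covers(a, action)]
        unscoped = [r for r in _as_list(stmt.get("Resource")) if r in ALL_RESOURCES]
        if granting and unscoped:
            findings.append({
                "statement_index": index,
                "sid": stmt.get("Sid"),
                "actions": granting,
                "resources": unscoped,
                # A Condition narrows the grant but does not scope the resource;
                # still report it so a reviewer decides whether it is enough.
                "has_condition": "Condition" in stmt,
            })
    return findings


if __name__ == "__main__":
    for name, doc in [("permissive", OVERLY_PERMISSIVE_POLICY),
                      ("scoped", SCOPED_POLICY),
                      ("service-wildcard", SERVICE_WILDCARD_POLICY)]:
        print(name, find_wildcard_grants(doc))
```

Run it against policy documents pulled with `aws iam get-policy-version` to get a quick list of statements worth scoping down; the Deny statement in the scoped policy shows why the Effect check matters, and the has_condition flag separates "unscoped but conditioned" grants from the unconditioned ones the thread is about.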