Olivia
Online
Ramesh.8901
@secmesh
Joined April 2014
21 Following
6 Followers
7 Posts
๐ฟ ๐๐ข๐ฃ๐๐๐ค๐ข๐ง๐ ๐๐ฆ๐๐ณ๐จ๐ง ๐๐ฏ๐๐ง๐ญ๐๐ซ๐ข๐๐ ๐ ๐๐จ๐ซ ๐ฅ๐๐ฎ๐ง๐๐ก๐ข๐ง๐ ๐๐ซ๐จ๐ฌ๐ฌ-๐๐๐๐จ๐ฎ๐ง๐ญ ๐๐ญ๐ญ๐๐๐ค๐ฌ
Square's Ramesh Ramani describes six attack patterns leveraging EventBridge's cross-account capabilities for infiltration and exfiltration.
AWS EventBridge is a serverless event bus service that enables powerful integrations across multiple AWS accounts.
The attacks:
1. Persistent beaconing
2. Command and control
3. Reconnaissance
4. Data smuggling
5. Account hopping
6. API borrowing
The post provides code examples for each attack and recommends multi-layered security controls, including Service Control Policies, IAM permissions, EventBridge resource policies, VPC endpoints with restrictive policies, and event content validation, along with detection strategies using CloudWatch, CloudTrail, and behavioral analytics.
https://t.co/jhaES3GASm
#cybersecurity
๐๏ธ AWS Security Digest 216 is out!
1๏ธโฃ AWS Account ID Enumeration Through Root User MFA by Michael Magyar
2๏ธโฃ Hijacking Amazon EventBridge for launching Cross-Account attacks by Ramesh Ramani
3๏ธโฃ Sign in with your eID: Using AWS IAM Roles Anywhere with a SmartCard Reader by Ben Bridts
4๏ธโฃ The Future of Threat Emulation: Building AI Agents that Hunt Like Cloud Adversaries by Eduard Agavriloae
5๏ธโฃ Profiling TradeTraitor: Tactics, History & Defenses
Bonus: Stealthy Persistence in AWS - A Practical Simulation for Defenders
https://t.co/HveDZft3EX
Learn how attackers can misuse Eventbridge and how you can protect your company from these attacks!
We at Block present - Hijacking Amazon EventBridge for launching Cross-Account attacks https://t.co/ZtHJqoFU0I
@BlockEng @SquareDev #CloudSecurity #awssecurity #mitreattack
๐ Threat Hunting with #Kubernetes Audit Logs by @square
Using ATT&CK for Containers
* Execution: Finding repeated exec failures
* Persistence: Unusual cronjob creation failures
* PrivEsc: Users being given "cluster-admin" access
* + more
https://t.co/5Dn4AiixBv
The promised part 2๏ธโฃ of Threat Hunting with Kubernetes Audit Logs is here! @8901Ramesh explains how to use the @MITREattack Framework to hunt for attackers in your @kubernetesio audit logs ๐ฏ #CNCF #Kubernetes
https://t.co/2Fl0cbHaEl
@OphirHarpaz @malwareunicorn @maddiestone @ramimacisabird @chompie1337 @dguido @efrowning @defcon @RandomDhiraj @jleyden @BlackHatEvents @mrinal @jupenur @joshva_jebaraj @jcfarris Threat Hunting with #Kubernetes Audit Logs
https://t.co/vcVe0XwsDX
@nevalau IDE for Kubernetes
https://t.co/9My6zj3x08
Protect domains that do not send email
https://t.co/IF9cQ3nMWM
@chompie1337 Kernel Pwning with eBPF: a Love Story
https://t.co/SGhs0Kmr3v
@Caltrain this is the second day in a row that train 221 is delayed due to "mechanical issues" . Yesterday by 24 minutes and today by 15 minutes. Why are there constants issues/delays?
Last Seen Users on Sotwe
ูุณ ูุฑุฏู
Seen from United States
Trai ฤแบนp cแบทc to ๐ฆ
Seen from Vietnam
ptri
Seen from Indonesia
เนเธฅเธเธเธญเธเนเธฃเธฒ
Seen from Thailand
้ฑผ็ฑฝๅจๅญๅจ
Seen from Korea
Thick girls and TS ๐
Seen from United Kingdom
OMEHUNTERS | ู
ููู ุดุงุช
Seen from Saudi Arabia
asian girls
Seen from Indonesia
Naya
lauren phillips
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers