Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF 

New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS service from an EC2 instance exposed to SSRF. The post Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF appeared first on Ermetic.
Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF 

New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS service from an EC2 instance exposed to SSRF. The post Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF appeared first on Tenable Cloud Security.
What’s New with CNAPPgoat? 

Read about the newest, expanded features in Ermetic’s open source vulnerable-by-design tool for enhancing your security skills. The post What’s New with CNAPPgoat? appeared first on Ermetic.

The Azure Metadata Protection You Didn’t Know Was There

Some Azure services have an additional, not widely known, protection mechanism against session token exfiltration. The post The Azure Metadata Protection You Didn’t Know Was There appeared first on Ermetic.

The Next Step in the IMDSv1 Redemption Journey 

Learn about AWS’s new open source library for enforcing IMDSv2 and Ermetic’s new lab for trying it out. The post The Next Step in the IMDSv1 Redemption Journey appeared first on Ermetic.

CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources

All about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments. The post CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources appeared first on Ermetic.

The Default Toxic Combination of GCP Compute Engine Instances

By default, compute instances in GCP are prone to a toxic combination that you should be aware of, and can avoid and fix. The post The Default Toxic Combination of GCP Compute Engine Instances appeared first on Ermetic.

Terraform Lab: Taking the New VPC Endpoint Condition Keys Out for a Spin

Our new open source Terraform project offers hands-on experience with VPC endpoints and demos AWS's new condition keys for securing EC2 instances. The post Terraform Lab: Taking the New VPC Endpoint Condition Keys Out for a Spin appeared first on Ermetic.

Federating Kubernetes Workloads with Cloud Identities

Your K8s workloads legitimately need access to sensitive cloud resources – federated identities let you grant it easily and securely. The post Federating Kubernetes Workloads with Cloud Identities appeared first on Ermetic.

A New Incentive for Using AWS VPC Endpoints

If you haven’t been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so. The post A New Incentive for Using AWS VPC Endpoints appeared first on Ermetic.