Building Custom Scenarios with CNAPPgoat
You can now construct and import your own vulnerability scenarios into CNAPPgoat, enhancing your cloud security skills.

Diving Deeply into IAM Policy Evaluation – Highlights from AWS re:Inforce IAM433
One of the most talked-about sessions at AWS re:Inforce, and my favorite, was IAM433, on AWS IAM’s internal evaluation mechanisms.

Access Undenied on AWS
Ermetic is launching a new open-source tool: Access Undenied on AWS. The tool parses AWS AccessDenied CloudTrail events, explains the reasons for them and offers actionable fixes.

Wayward Sheriffs and Confused Deputies: Risks in GCP Third Party Access
Most GCP third-party vendors ask for permanent service account keys for access -- increasing credential leakage risk. Used correctly, short-lived credentials offer a secure alternative.

Testing the Waters: First Impressions of CloudTrail Lake
Our first impressions of AWS's new managed audit and security lake that allows you to aggregate, immutably store, and query activity logs.

Auditing PassRole: A Problematic Privilege Escalation Permission
TL;DR: iam:PassRole is an AWS permission that enables critical privilege escalation; many supposedly low-privilege identities tend to have it. It’s hard to tell which IAM users and roles need the permission. We have mapped out a list of AWS actions where it is likely that iam:PassRole is required and the ...

Cloud infrastructure is not immune from the SolarWinds Orion breach
Until now, much of the discussion around the SolarWinds breach that hacked FireEye and compromised US government networks has focused on the on-premises risks. However, the cloud infrastructure of the impacted organizations is not necessarily immune. That’s because the SolarWinds Orion platform can also be deployed in cloud environments, where ...