The Fastest Way to Destroy a GCP Environment
Billing is a necessary evil for all cloud infrastructure. As much as we engineers like to pretend it isn’t there, someone is watching the bill rack up over that build server you forgot in a sandbox. Providers won’t allow you to run your infrastructure without paying for it (which is very reasonable).
What happens right after you stop paying your bill differs slightly across GCP/Azure/AWS.
A Good Week for Google Cloud Security Engineers
As ridiculous as it is, engineers grow loyalty to various cloud providers. Maybe they’re loyal to a cloud because it was their first cloud, where they built their first app, or because it’s what they use in their day job.
I still think back fondly to a summer spent rationing a $200 DigitalOcean promotion on various Droplets.
Every once in a while news comes along that makes the fanatics of one of the clouds brag to their peers.
My Least Favorite GCP Role
Out of all the IAM roles predefined by Google Cloud, there’s one that bothers me more than any other: roles/viewer.
There are obvious problems with the role:
The role is one of the basic roles (the legacy roles formerly called primitive roles), which Google Cloud itself recommends against using in production. Because of that association, your CSPM is likely to throw alerts in your face about it.
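A quick way to see whether the complaint applies to your own projects is to scan an IAM policy for bindings to any of the three basic roles. The following is an added example, not code from the original post: it consumes the JSON shape that `gcloud projects get-iam-policy PROJECT --format=json` prints (a `bindings` list of `{role, members}` objects) and reports every member bound to roles/owner, roles/editor or roles/viewer. The sample policy and its member names are constructed for illustration.

```python
"""Flag bindings to GCP basic roles in an IAM policy document.

Added example (not from the original post). Input is the JSON produced by
`gcloud projects get-iam-policy PROJECT --format=json`.
"""
import json

# The three basic roles; Google Cloud recommends predefined or custom roles instead.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample policy: members and project are made up for illustration.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/viewer",
         "members": ["user:auditor@example.com", "group:all-devs@example.com"]},
        {"role": "roles/logging.viewer",
         "members": ["serviceAccount:log-reader@example.iam.gserviceaccount.com"]},
        {"role": "roles/owner",
         "members": ["user:founder@example.com"]},
    ],
    "version": 1,
})


def find_basic_role_bindings(policy_json: str) -> list:
    """Return sorted (role, member) pairs for every binding to a basic role.

    Predefined roles such as roles/logging.viewer are ignored; only the
    project-wide basic roles are reported.
    """
    policy = json.loads(policy_json)
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role in BASIC_ROLES:
            for member in binding.get("members", []):
                findings.append((role, member))
    return sorted(findings)


if __name__ == "__main__":
    # Pipe real output in with: gcloud projects get-iam-policy $PROJECT --format=json
    for role, member in find_basic_role_bindings(SAMPLE_POLICY):
        print(f"{role:<13} {member}")
```

Run it against the real `gcloud` output instead of `SAMPLE_POLICY` to get the same list your CSPM is about to complain about; each line is a candidate for replacement with a narrower predefined or custom role.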
Google Cloud Threat Intelligence Considers Me Dangerous
Google Cloud Threat Intelligence (GCTI) considers me dangerous and blocks me in their default threat intelligence rules. Well, not quite. For a brief moment I did in fact believe I was on “GCTI’s Most Wanted”. This is the story of finding a default, misconfigured threat intelligence firewall rule from Google Cloud that cut off network connectivity to the platform.
The misconfigured rule: Google Cloud launched a great new feature known as Firewall Standard rules in June of this year.
Book Review: This Is How They Tell Me the World Ends
“This Is How They Tell Me the World Ends” by Nicole Perlroth is the best security book I have ever read. It is jaw-dropping from cover to cover. The scope of the reporting itself is extraordinary: Perlroth takes us through world-shaping events such as Stuxnet, the Shadow Brokers, Snowden, Apple v. the FBI, and the Ukrainian war, all in the same text!
Book Review: Tracers in the Dark
“Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency” by Andy Greenberg is a fantastic summary of dark net crime over the past decade and a half. The book spans from cryptocurrency’s original dogma and practitioners all the way to the corporatization that we see today. I particularly enjoyed the recollections of Sarah Meiklejohn’s early work on Bitcoin clustering. What a fascinating portrait of an academic who has had such a profound impact on the space.
Wiz's Big IAM Challenge
Wiz’s Big IAM Challenge caught my eye a few weekends ago. I didn’t finish the whole CTF, but plan on doing so if time permits.
Each challenge starts with an AWS IAM policy that is misconfigured.
Challenge 1

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::thebigiamchallenge-storage-9979f4b/*"
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::thebigiamchallenge-storage-9979f4b",
      "Condition": {
        "StringLike": {
          "s3:prefix": "files/*"
        }
      }
    }
  ]
}
```

With this policy anyone can get any object in the bucket, but can only list objects under the files/ prefix: the ListBucket statement only matches when the request carries an s3:prefix that looks like files/*, so a listing with no prefix, or a prefix elsewhere, is not allowed.
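To make the allow/deny split concrete, here is a small evaluator for this one policy. It is an added example, not code from Wiz or the original post, and it models only the features the policy uses (Allow statements with Principal "*", wildcard matching on Action and Resource, and StringLike conditions on s3:prefix); it does not implement Deny statements, other condition operators, or identity policies, so it is a teaching aid rather than a general IAM simulator. The object keys in the demo requests are made up.

```python
"""Simulate how the Challenge 1 bucket policy answers anonymous requests.

Added example (not from the original post). Models a subset of IAM policy
evaluation: Allow statements, Principal "*", wildcard Action/Resource
matching, and StringLike conditions. No Deny handling.
"""
import fnmatch
from typing import Optional

BUCKET_ARN = "arn:aws:s3:::thebigiamchallenge-storage-9979f4b"

# The Challenge 1 policy exactly as quoted above.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": BUCKET_ARN + "/*"},
        {"Effect": "Allow", "Principal": "*", "Action": "s3:ListBucket",
         "Resource": BUCKET_ARN,
         "Condition": {"StringLike": {"s3:prefix": "files/*"}}},
    ],
}


def _as_list(value):
    """IAM allows a string or a list of strings in most fields."""
    return value if isinstance(value, list) else [value]


def _condition_matches(condition: dict, context: dict) -> bool:
    """Only StringLike is modelled; every key in the block must match.

    A context key that is absent from the request (e.g. ListBucket with no
    prefix parameter) makes the condition false, as in real IAM.
    """
    for operator, pairs in condition.items():
        if operator != "StringLike":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, patterns in pairs.items():
            if key not in context:
                return False
            # fnmatchcase is case-sensitive and treats * like IAM's wildcard.
            if not any(fnmatch.fnmatchcase(context[key], p) for p in _as_list(patterns)):
                return False
    return True


def is_allowed(action: str, resource: str, context: Optional[dict] = None) -> bool:
    """True if some Allow statement for Principal "*" covers the request."""
    context = context or {}
    for stmt in POLICY["Statement"]:
        if stmt["Effect"] != "Allow" or stmt.get("Principal") != "*":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if "Condition" in stmt and not _condition_matches(stmt["Condition"], context):
            continue
        return True
    return False


if __name__ == "__main__":
    # Constructed requests; the object keys are illustrative only.
    checks = [
        ("s3:GetObject", BUCKET_ARN + "/files/readme.txt", {}),
        ("s3:GetObject", BUCKET_ARN + "/secret/notes.txt", {}),
        ("s3:ListBucket", BUCKET_ARN, {"s3:prefix": "files/"}),
        ("s3:ListBucket", BUCKET_ARN, {}),
        ("s3:ListBucket", BUCKET_ARN, {"s3:prefix": "secret/"}),
    ]
    for action, resource, ctx in checks:
        verdict = "ALLOW" if is_allowed(action, resource, ctx) else "DENY"
        print(f"{action:<14} prefix={ctx.get('s3:prefix')!r:<10} -> {verdict}")
```

The interesting row is the fourth one: `aws s3 ls` with no `--prefix` sends no s3:prefix context key, so the StringLike condition fails and the listing is denied, while the same call with `--prefix files/` succeeds. GetObject has no condition at all, which is why knowing (or guessing) a key anywhere in the bucket is enough to read it.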
Book Review: Kingdom of Lies
Kingdom of Lies by Kate Fazzini is a collection of loosely tied cybersecurity stories revolving around the 2014 JPMorgan hack. The book alludes to JPMorgan having relatively flat networks at the time.
JPMorgan and other entities are not directly referenced, but one can easily connect the dots. Overall I really liked this read. It’s quick and refreshing while focusing on the human side of cybersecurity.