CloudSec Wednesday: Cloud Security Risks and Threat Landscape, Build DevSecOps pipeline, Container Security, Analyzing AWS VPC flow logs, RCE in CUPS, Unmasking DNS Timeouts in Azure, Nameless-C2 Tool Spotlight, Okta Sign-on Policy Bypass, VS Code RCE advisory

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition covers Cloud Security, Container Security and DevSecOps Practices:

  • 📝 Analyzing AWS VPC flow logs with DuckDB, RCE in CUPS, Okta Sign-on Policy Bypass, VS Code RCE advisory!

  • 🔥 Dockerhoneypot-logs, Nameless-C2 Tools, Do not use secrets in environment variables!

  • 🧠 Cloud Security Risks and Threat Landscape, Build DevSecOps pipeline, Container Security!!

  • And more…

📰 Top Security News

  • Okta Classic Application Sign-On Policy Bypass (Okta)

  • Visual Studio Code for Linux Remote Code Execution Vulnerability Security Advisory (Microsoft)

📝 Best Of Blogs

  • Get Your Ducks in a Row: Analyzing AWS VPC flow logs with DuckDB (Seshu Pasam)

  • Remote execution exploit chain in CUPS: Overview, detection, and remediation (Security Labs)

  • Unmasking DNS Timeouts: The Hidden Culprit in Azure Virtual Networks (Microsoft)

🧠 Learning Resources

🛠️ Tools

  • Dockerhoneypot-logs: Collection of Docker honeypot logs from 2021 - 2024. (GitHub)

  • Slack-watchman: Slack enumeration and exposed secrets detection tool. (GitHub)

  • Nameless C2 - A C2 with all its components written in Rust. (GitHub)

⚡️ Misc

  • Do not use secrets in environment variables and here's how to do it better (NodeJS Security)

  • Cisco certification in Ethical Hacking course (Cisco)

🎯 Favorite Quote

“It is during our darkest moments that we must focus to see the light.”
- Aristotle

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
