Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/an-aws-free-tier-bill-shock-your-next-steps/ Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill...
May 18, 2022•8 min•Ep 385•Transcript available on Metacast AWS Morning Brief for the week of May 16, 2022 with Corey Quinn.
May 16, 2022•5 min•Ep 384•Transcript available on Metacast Links: S3 Bucket Negligence Award Mandoogle on how AWS's instance metadata service can be abused by attackers Heroku apparently had its entire database breached last week Wiz Research discovered a new vulnerability in Azure’s PostgreSQL Flexible Server service. AWS deleted packages they'd pushed to public repositories A guide to Cloud Security Orienteering...
May 12, 2022•6 min•Ep 383•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/aws-s-deprecation-policy-is-like-a-platypus Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill ...
May 11, 2022•10 min•Ep 382•Transcript available on Metacast AWS Morning Brief for the week of May 9, 2022 with Corey Quinn.
May 09, 2022•7 min•Ep 381•Transcript available on Metacast Links: SELinux is unmanageable; just turn it off if it gets in your way AWS welcomes new Trans-Atlantic Data Privacy Framework How to control access to AWS resources based on AWS account, OU, or organization AWS has an article that explains what the confused deputy problem The CloudGoat pentest training tool now supports Lambda...
May 05, 2022•6 min•Ep 380•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/how-to-win-in-cloud Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your...
May 04, 2022•10 min•Ep 379•Transcript available on Metacast AWS Morning Brief for the week of May 2, 2022 with Corey Quinn.
May 02, 2022•6 min•Ep 378•Transcript available on Metacast Links: Summit Route's AWS SCP Best Practices Reported Apache Log4j Hotpatch Issues cloudtrail-partioner
Apr 28, 2022•4 min•Ep 377•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/aws-s-open-source-problem Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lowe...
Apr 27, 2022•8 min•Ep 376•Transcript available on Metacast AWS Morning Brief for the week of April 25, 2022 with Corey Quinn.
Apr 25, 2022•8 min•Ep 375•Transcript available on Metacast Corey’s livetweet: https://twitter.com/quinnypig Eric Hammond’s old article: https://alestic.com/2014/09/aws-root-password/ Lightspin found a vulnerability: https://blog.lightspin.io/aws-rds-critical-security-vulnerability Expel’s incident report: https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/ Rhino Security Labs found a CVE in the AWS VPN Client: https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ DarkReading’s profile of AJ Yawn: https://www...
Apr 21, 2022•6 min•Ep 374•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/shitposting-as-a-learning-style Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to hel...
Apr 20, 2022•8 min•Ep 373•Transcript available on Metacast AWS Morning Brief for the week of April 18, 2022 with Corey Quinn.
Apr 18, 2022•5 min•Ep 372•Transcript available on Metacast Links: CashMama gets the S3 Bucket Negligence Award MailChimp’s cryptocurrency clients' mailing-list info stolen Denonia, the first Lambda-specific malware AWS IAM Access Analyzer...
Apr 14, 2022•6 min•Ep 371•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/taking-aws-account-logins-for-granted Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group ...
Apr 13, 2022•9 min•Ep 370•Transcript available on Metacast AWS Morning Brief for the week of April 11, 2022 with Corey Quinn.
Apr 11, 2022•8 min•Ep 369•Transcript available on Metacast Links Referenced: Okta’s CEO: https://www.bloomberg.com/news/articles/2022-04-04/okta-ceo-says-breach-is-big-deal-aims-to-restore-trust taken a job as a Distinguished Engineer VP at AWS: https://www.linkedin.com/feed/update/urn:li:activity:6914280317675614208/ Ubiquiti has sued Brian Krebs for defamation: https://www.theregister.com/2022/03/30/ubiquiti_brian_krebs/ “Best practices: Securing your Amazon Location Service resources”: https://aws.amazon.com/blogs/security/best-practices-securing-you...
Apr 07, 2022•5 min•Ep 368•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/ubiquiti-teaches-aws-security-and-crisis-comms-via-counterexample Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with C...
Apr 06, 2022•15 min•Ep 367•Transcript available on Metacast AWS Morning Brief for the week of April 4, 2022 with Corey Quinn.
Apr 04, 2022•9 min•Ep 366•Transcript available on Metacast Links: Their investigation of the January 2022 Okta compromise: https://blog.cloudflare.com/cloudflare-investigation-of-the-january-2022-okta-compromise/ You know it’s a legit AWS email because the instructions are very bad: https://Twitter.com/0xdabbad00/status/1506258309715673089 sabotaged their own package: https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/ “AWS IAM Demystified”: https://www.daan.fyi/writings/iam from a third-p...
Mar 31, 2022•7 min•Ep 365•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/s3-is-not-a-backup Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your ...
Mar 30, 2022•8 min•Ep 364•Transcript available on Metacast AWS Morning Brief for the week of March 28, 2022 with Corey Quinn.
Mar 28, 2022•8 min•Ep 363•Transcript available on Metacast Links Referenced: quietly updated the re:Inforce site: https://reinforce.awsevents.com remains disturbingly murky: https://www.theverge.com/2022/3/22/22990637/okta-breach-single-sign-on-lapsus-hacker-group far greater detail: https://kloudle.com/blog/aws-rds-does-not-force-clients-to-connect-using-a-secure-transport-layer AWS Lambda announces support for PrincipalOrgID in resource-based policies: https://aws.amazon.com/about-aws/whats-new/2022/03/aws-lambda-principalorgid-resource-policies/ Auto...
Mar 24, 2022•5 min•Ep 362•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/google-cloud-alters-the-deal Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help l...
Mar 23, 2022•9 min•Ep 361•Transcript available on Metacast AWS Morning Brief for the week of March 21, 2022 with Corey Quinn.
Mar 21, 2022•8 min•Ep 360•Transcript available on Metacast Links: Links Referenced: Couchbase Capella: https://couchbase.com/screaminginthecloud couchbase.com/screaminginthecloud: https://couchbase.com/screaminginthecloud blog post: https://awsteele.com/blog/2022/02/03/aws-vpc-data-exfiltration-using-codebuild.html AutoWarp: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ “Google Announces Intent to Acquire Mandiant”: https://www.googlecloudpresscorner.com/2022-03-08-mgc password table: https://www.hivesys...
Mar 17, 2022•6 min•Ep 359•Transcript available on Metacast Want to give your ears a break and read this as an article? You’re looking for this link. https://www.lastweekinaws.com/blog/my-mental-model-of-aws-regions Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help...
Mar 16, 2022•9 min•Ep 358•Transcript available on Metacast AWS Morning Brief for the week of March 14, 2022 with Corey Quinn.
Mar 14, 2022•7 min•Ep 357•Transcript available on Metacast Links: The Register : https://www.theregister.com/2022/02/28/tech_response_to_ukraine/ “WTF is Cloud Native Data Security?”: https://blog.container-solutions.com/wtf-is-cloud-native-data-security Imdsv2 wall of shame: https://github.com/SummitRoute/imdsv2_wall_of_shame/blob/main/README.md “Piercing the Cloud Armor”: https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Via a third-party: https://www.theregister.com/2022/03/03/amazon_alexa_speaker_vuln/ “St...
Mar 10, 2022•7 min•Ep 356•Transcript available on Metacast 
