Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite

tl;dr You can now have Scout Suite scan not only your cloud environments, but your Kubernetes clusters. Just have your kubeconfig ready and run the following commands: $ pip3 install --user https://github.com/nccgroup/ScoutSuite/archive/develop.zip $ scout kubernetes Background NCC Group’s Container Orchestration Security Service (COSS) practice regularly conducts Kubernetes cluster configuration reviews spanning platform-managed Kubernetes clusters across … Continue reading Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite

Tool Release – ScoutSuite 5.12.0

We are excited to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! This version includes multiple bug fixes, dependency updates and feature enhancements for AWS, Azure and GCP. It also adds and updates several rules for these three cloud providers, alongside improved finding templates and descriptions. The … Continue reading Tool Release – ScoutSuite 5.12.0

Exception Handling and Data Integrity in Salesforce

Robust exception handling is one of the tenets of best practice for development, no matter what the coding language. This blog post explores the curious circumstances in which a developer trying to do the right thing - but without appreciating the full effects - could lead to data integrity issues in a Salesforce Organization. As … Continue reading Exception Handling and Data Integrity in Salesforce

Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark

As one of the proud contributors to the newest version of the CIS Google Cloud Platform Foundation Benchmark, I wanted to raise awareness about the new version release of this benchmark [1] by the Center for Internet Security (CIS) and how it can help a company to set a strong security baseline or foundation for … Continue reading Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark

Tool Release – ScoutSuite 5.11.0

We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! The most significant improvements and features added include: CoreImproved CLI options, test coverage and some dependenciesAWSAdded new findings for multiple servicesBug fixesAdded ARNs for all resourcesAzureAdded new findingsBug fixesGCPNew ruleset for GCP CIS version 1.1Added support … Continue reading Tool Release – ScoutSuite 5.11.0

Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark

As one of the proud contributors to the Center for Internet Security (CIS) Microsoft 365 Foundation Benchmark, I wanted to raise awareness about the new version release by the Center for Internet Security (CIS) released on February 17th, and how it can help a company to have a secure baseline for their Microsoft 365 tenant. … Continue reading Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark

10 real-world stories of how we’ve compromised CI/CD pipelines

by Aaron Haymore, Iain Smart, Viktor Gazdag, Divya Natesan, and Jennifer Fernick Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD … Continue reading 10 real-world stories of how we’ve compromised CI/CD pipelines

Detection Engineering for Kubernetes clusters

Written by Ben Lister and Kane Ryans This blog post details the collaboration between NCC Group's Detection Engineering team and our Containerisation team in tackling detection engineering for Kubernetes. Additionally, it describes the Detection Engineering team's more generic methodology around detection engineering for new/emerging technologies and how it was used when developing detections for Kubernetes-based … Continue reading Detection Engineering for Kubernetes clusters

NSA & CISA Kubernetes Security Guidance – A Critical Review

Last month, the United States' National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report (CTR) detailing the security hardening they recommend be applied to Kubernetes clusters, which is available here. The guidance the document contains is generally reasonable, but there are several points which are either incorrect or … Continue reading NSA & CISA Kubernetes Security Guidance – A Critical Review

Are you oversharing (in Salesforce)? Our new tool could sniff it out!

Unauthorised access to data is a primary concern of clients who commission a Salesforce assessment. The Salesforce documentation acknowledges that the sharing model is a "complex relationship between role hierarchies, user permissions, sharing rules, and exceptions for certain situations"[1]. It is often said that complexity and security are natural enemies. Salesforce empowers its users with … Continue reading Are you oversharing (in Salesforce)? Our new tool could sniff it out!