From 2f8b587a745a0aa9c0d64fa8d068fcd11dc07031 Mon Sep 17 00:00:00 2001 From: "Renzie G. Butad" <127288610+renzsecurity@users.noreply.github.com> Date: Sat, 28 Oct 2023 15:47:20 +0800 Subject: [PATCH 1/2] Update README.md Updated Cloud Security Standards List, added more Automated Security Assessment Lists --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 82dd99b..c94436c 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ * [vchinnipilli - Kubestriker](https://github.com/vchinnipilli/kubestriker) ## Cloud Security Standards * [ISO/IEC 27017:2015](https://www.iso.org/standard/43757.html) +* [ISO/IEC 27018:2019](https://www.iso.org/standard/76559.html) * [MTCS SS 584](https://www.imda.gov.sg/industry-development/infrastructure/ict-standards-and-frameworks/mtcs-certification-scheme/multi-tier-cloud-security-certified-cloud-services) * [CCM](https://cloudsecurityalliance.org/group/cloud-controls-matrix) * [NIST 800-53](https://nvd.nist.gov/800-53) 
@@ -154,6 +155,18 @@ * [StreamAlert by Airbnb](https://github.com/airbnb/streamalert) ### Automated Security Assessment * [Prowler](https://github.com/prowler-cloud/prowler) +* [CloudFox](https://github.com/BishopFox/CloudFox) +* [SkyArk](https://github.com/cyberark/SkyArk) +* [Pacu](https://github.com/RhinoSecurityLabs/pacu) +* [Bucket Finder](https://digi.ninja/projects/bucket_finder.php) +* [Boto3](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) +* [Principal Mapper](https://github.com/nccgroup/PMapper) +* [ScoutSuite](https://github.com/nccgroup/ScoutSuite/wiki) +* [s3_objects_check](https://github.com/nccgroup/s3_objects_check) +* [cloudsplaining](https://github.com/salesforce/cloudsplaining) +* [weirdAAL](https://github.com/carnal0wnage/weirdAAL/wiki) +* [cloudmapper](https://github.com/duo-labs/cloudmapper) +* [NetSPI/AWS_Consoler](https://github.com/NetSPI/aws_consoler) ### Benchmarking * [AWS Security Benchmark](https://github.com/awslabs/aws-security-benchmark) ### Data Loss Prevention From 98f02264d14605c3d94996164b474f35e8c1e392 Mon Sep 17 00:00:00 2001 From: "Renzie G. Butad" <127288610+renzsecurity@users.noreply.github.com> Date: Sat, 28 Oct 2023 15:54:51 +0800 Subject: [PATCH 2/2] Update README.md Added AWS Pattern --- README.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/README.md b/README.md index c94436c..541083c 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ * [Public Cloud Governance](#public-cloud-governance) * [AWS Governance](#aws-governance) * [MultiCloud Governance](#multicloud-governance) + * [AWS - Patterns](#aws---patterns) + * [URL Services](#url-services) * [Containers](#containers) * [Docker Images](#docker-images) * [Kubernetes Operators](#kubernetes-operators) 
@@ -40,6 +42,37 @@ * [AWS Security Hub Automated Response and Remediation](https://github.com/awslabs/aws-security-hub-automated-response-and-remediation) * [AWS Vault](https://github.com/99designs/aws-vault) * [AWS Well Architected Labs](https://github.com/awslabs/aws-well-architected-labs) + +* ## AWS - Patterns + +### URL Services + +| Service | URL | +|--------------|-----------------------| +| s3 | https://{user_provided}.s3.amazonaws.com | +| cloudfront | https://{random_id}.cloudfront.net | +| ec2 | ec2-{ip-seperated}.compute-1.amazonaws.com | +| es | https://{user_provided}-{random_id}.{region}.es.amazonaws.com | +| elb | http://{user_provided}-{random_id}.{region}.elb.amazonaws.com:80/443 | +| elbv2 | https://{user_provided}-{random_id}.{region}.elb.amazonaws.com | +| rds | mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306 | +| rds | postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432 | +| route 53 | {user_provided} | +| execute-api | https://{random_id}.execute-api.{region}.amazonaws.com/{user_provided} | +| cloudsearch | https://doc-{user_provided}-{random_id}.{region}.cloudsearch.amazonaws.com | +| transfer | sftp://s-{random_id}.server.transfer.{region}.amazonaws.com | +| iot | mqtt://{random_id}.iot.{region}.amazonaws.com:8883 | +| iot | https://{random_id}.iot.{region}.amazonaws.com:8443 | +| iot | https://{random_id}.iot.{region}.amazonaws.com:443 | +| mq | https://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:8162 | +| mq | ssl://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:61617 | +| kafka | b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com | +| kafka | {user_provided}.{random_id}.c{1,2}.kafka.useast-1.amazonaws.com | +| cloud9 | https://{random_id}.vfs.cloud9.{region}.amazonaws.com | +| mediastore | https://{random_id}.data.mediastore.{region}.amazonaws.com | +| kinesisvideo | https://{random_id}.kinesisvideo.{region}.amazonaws.com | +| mediaconvert | 
https://{random_id}.mediaconvert.{region}.amazonaws.com | +| mediapackage | https://{random_id}.mediapackage.{region}.amazonaws.com/in/v1/{random_id}/channel | ### MultiCloud Governance * [Cloud Custodian](https://github.com/cloud-custodian/cloud-custodian) * [CloudQuary](https://github.com/cloudquery/cloudquery)
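Review bot: The Boto3 entry added under Automated Security Assessment in patch 1/2 links to API documentation (`boto3.amazonaws.com/v1/documentation/api/...`), while every other entry in that hunk links to a tool's project page, so it reads as out of place in a list of assessment tools; drop it or move it to a section for SDKs and references. In the same hunk, ScoutSuite and weirdAAL point at `/wiki` while the other GitHub entries point at the repository root, and `NetSPI/AWS_Consoler` is the only label written as owner/name (with casing that differs from its `aws_consoler` URL). Pick one convention for link targets and labels.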
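Review bot: The two table-of-contents entries added in the first hunk of patch 2/2 are placed after `[MultiCloud Governance]`, but the section they point to is inserted before `### MultiCloud Governance` in the body hunk, so the contents order no longer matches the page. Move the `AWS - Patterns` and `URL Services` entries up to sit between AWS Governance and MultiCloud Governance, or move the section down to match.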
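Review bot: The added line `+* ## AWS - Patterns` in the second hunk of patch 2/2 starts with a list bullet, so it renders as a bullet containing a heading, and at `##` it outranks the `### MultiCloud Governance` heading that follows, which would then nest under AWS - Patterns instead of its current parent. Drop the `* ` and use `###` here (with `####` for URL Services) if the section is meant to be a sibling of the governance subsections, as the contents entries suggest. In the table, `{ip-seperated}` should be `{ip-separated}`, the second kafka row hard-codes `useast-1` where every other row uses `{region}`, and `:80/443` in the elb row is not a single URL; split it into two rows the way rds and iot are handled.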