What’s New with CNAPPgoat?
Read about the newest, expanded features in Ermetic’s open source vu…
The Azure Metadata Protection You Didn’t Kno…
Some Azure services have an additional, not widely known, protection m…
Stronger Together: Writing a New Chapter in Cloud …
We’re excited to share that Tenable has announced intent to acquire …
3 Types of Cyber Attackers: Which Organizations Do They Target?
Is an attacker interested in your organization? Probably. Deconstructing the PoV of cyber attackers is key to defending your turf.
3 Ways to Reduce the Risk from Misused AWS IAM User Access Keys
Used incorrectly, AWS IAM User Access Keys can pose high risk; the good news is that great alternatives, explored here,…
Cloud
See all
The Benefits of Cloud Entitlement Management
Cloud identities and entitlements pose grave challenges – learn about the benefits of CIEM solutions and KPIs for measuring them
CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources
All about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments.
Do I Need CNAPP If We’re Only Starting to Deploy to the Cloud?
It’s a leading question because no matter how new you are to the cloud you need CNAPP – find out…
AWS
See all
The Next Step in the IMDSv1 Redemption Journey
Learn about AWS’s new open source library for enforcing IMDSv2 and Ermetic’s new lab for trying it out
Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges
Learn how an AWS service usage and permissions combination discovered by Ermetic may increase risk upon a certain non-compliance
Terraform Lab: Taking the New VPC Endpoint Condition Keys Out for a Spin
Our new open source Terraform project offers hands-on experience with VPC endpoints and demos AWS’s new condition keys for securing…
Azure
See all
Uncovering 3 Azure API Management Vulnerabilities – When Good APIs Go Bad
Learn how now-patched Azure API Management service vulnerabilities revealed by the Ermetic research team enabled malicious actions
EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.
Ermetic’s research team discovered a remote code execution vulnerability affecting services such as Function Apps, App Service and Logic Apps…
A Caveat for Azure VM Public IP Configuration
If you’re not familiar enough with the SKU attribute of the Azure public IP address, you may think you’re configuring…
GCP
See all
The Default Toxic Combination of GCP Compute Engine Instances
By default, compute instances in GCP are prone to a toxic combination that you should be aware of, and can…
How Attackers Can Exploit GCP’s Multicloud Workload Solution
A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to…
The Advanced Risk of Basic Roles In GCP IAM
Basic roles in GCP allow data-level actions, even though at first glance it might seem like they don’t. Avoid using…
