John Laliberte

John Laliberte

12 posts published

Auditing identity activity for NOBELIUM and MagicWeb in AWS
Security

Auditing identity activity for NOBELIUM and MagicWeb in AWS

Earlier this week Microsoft researchers [https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/] discovered NOBELIUM abusing identities and credentialed access to maintain persistence and facilitate covert access. In AWS environments, the IAM Identity Center [https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html] (formerly AWS SSO), enables