https://attack.mitre.org/matrices/enterprise/cloud/

https://aws.permissions.cloud/managedpolicies/IAMFullAccess

https://www.cidersecurity.io/wp-content/uploads/2023/01/Top-10-CI_CD-Risks-OWASP-22.pdf

https://start.paloaltonetworks.com/2023-unit42-ransomware-extortion-report

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

https://www.vaultproject.io/

https://www.cidersecurity.io/top-10-cicd-security-risks/inadequate-identity-and-access-management/

https://nvd.nist.gov/vuln/detail/cve-2021-40438

https://aws.amazon.com/cloudformation/

https://aws.amazon.com/premiumsupport/knowledge-center/aws-abuse-report/

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

https://oasis-open.github.io/cti-documentation/

https://unit42.paloaltonetworks.com/atoms/

https://attack.mitre.org/matrices/enterprise/containers/

https://unit42.paloaltonetworks.com/atoms/returnedlibra/

https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/

https://blog.aquasec.com/8220-gang-confluence-vulnerability-cve-2022-26134

https://www.lacework.com/blog/8220-gangs-recent-use-of-custom-miner-and-botnet/

https://unit42.paloaltonetworks.com/atoms/thieflibra/

https://www.lacework.com/blog/how-watchdog-smuggles-malware-into-your-network-as-uninteresting-photos/

https://unit42.paloaltonetworks.com/atoms/moneylibra/

https://www.trendmicro.com/en_us/research/22/i/a-post-exploitation-look-at-coinminers-abusing-weblogic-vulnerab.html

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/initial-access-techniques-in-kubernetes-environments-used-by/ba-p/3697975

https://www.heroku.com/

https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/

https://www.togglebox.com/

https://unit42.paloaltonetworks.com/atoms/automated-libra/

https://github.com/

https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning

https://docs.gitlab.com/ee/user/application_security/secret_detection/

https://confluence.atlassian.com/bitbucketserver/secret-scanning-1157471613.html

https://cloud.google.com/logging/docs/audit

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell

https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server?source=recommendations

https://www.okta.com/identity-101/what-is-federated-identity/

https://aws.amazon.com/cloudtrail/

https://learn.microsoft.com/en-us/azure/governance/policy/overview

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

https://cloud.google.com/resource-manager/docs/organization-policy/overview#next_steps

https://cloud.google.com/resource-manager/docs/organization-policy/overview

https://learn.microsoft.com/en-us/azure/firewall-manager/policy-overview

https://www.zoomeye.org/

https://www.paloaltonetworks.com/blog/2021/07/diagnosing-the-ransomware-deployment-protocol/

https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html

https://www.shodan.io/

https://www.paloaltonetworks.com/cyberpedia/what-is-sca

https://www.cncf.io/

https://www.linuxfoundation.org/

https://linuxfoundation.org/

https://www.cncf.io/blog/2022/08/08/improving-cncf-security-posture-with-independent-security-audits/

https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf

https://logging.apache.org/log4j/2.x/

https://spring.io/projects/spring-cloud-function

https://pypi.org/project/requests/

https://unit42.paloaltonetworks.com/cybersquatting/

https://pypistats.org/packages/requests

https://www.mend.io/resources/blog/yandex-data-leak-triggers-malicious-package-publication/

https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

https://portswigger.net/daily-swig/open-source-software-repositories-play-whack-a-mole-as-dependency-confusion-copycats-exceed-5-000

https://sockpuppets.medium.com/how-i-hacked-ctx-and-phpass-modules-656638c6ec5e

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

https://helm.sh/

https://www.terraform.io/

https://sovereigntechfund.de/en

https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act

https://www.whitehouse.gov/briefing-room/statements-releases/2022/01/13/readout-of-white-house-meeting-on-software-security/

https://www.cisa.gov/executive-order-improving-nations-cybersecurity#:~:text=Executive%20Order%20(EO)%2014028%2C,adjust%20their%20network%20architectures%20accordingly.

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck

https://vuln.go.dev/

https://openssf.org/

https://openssf.org/community/alpha-omega/

https://www.paloaltonetworks.com/resources/research/state-of-cloud-native-security-2023

https://www.paloaltonetworks.com/resources/research/gartner-market-guide-cnapp

https://www.paloaltonetworks.com/cortex/cortex-data-lake

https://www.paloaltonetworks.com/prisma/cloud/cloud-native-application-protection-platform

https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial

https://www.paloaltonetworks.com/unit42

https://www.marketsandmarkets.com/Market-Reports/cloud-computing-market-234.html#tab_default_2en-US.

https://start.paloaltonetworks.com/2023-unit42-ransomware-extortion-reporten-US.en-US3.

https://www.cidersecurity.io/wp-content/uploads/2023/01/Top-10-CI_CD-Risks-OWASP-22.pdfen-US.en-US61%en-US

https://portswigger.net/daily-swig/open-source-software-repositories-play-whack-a-mole-as-dependency-confusion-copycats-exceed-5-000en-US.

https://www.paloaltonetworks.com/resources/research/state-of-cloud-native-security-2023en-US.en-US6.

https://www.paloaltonetworks.com/resources/research/gartner-market-guide-cnappen-US.

http://en-USwww.paloaltonetworks.com/en-UScompany/trademarks.htmlen-US.