This week's articles
Detecting a Container Escape with Cilium and eBPF
#attack, #containers, #kubernetes, #monitor
How an attacker with access to your Kubernetes cluster could perform a container escape (running a pod to gain root privileges, escaping the pod onto the host, and persisting the attack with invisible pods and fileless executions), and how to detect these attacks.
Scanning Millions Of Publicly Exposed Docker Containers
#attack, #containers
Research confirming that Docker files usually contain a mind-blowing amount of hardcoded credentials. These included AWS and other cloud environment access keys, private keys, webhooks, and more. The most commonly found secret was the username and password used to clone git repositories.
Understanding Azure Logs from a security perspective
#azure, #monitor
The first post in a blog series that covers the audit logs available in Azure, discusses the security insights we can obtain from them, and highlights existing blind spots, which can save you a few headaches down the line.
Vault as an OIDC Provider
#announcement, #iam, #vault
With release 1.9, Vault can now act as an OIDC provider itself, allowing applications to leverage pre-existing Vault identities for delegating authentication and authorization into their applications.
A Fulcio Deep Dive
#announcement
This blog post is an introduction to Fulcio, a free Root-CA for code signing certs, issuing certificates based on an OIDC email address.