Release Date: 08/09/2019 | Issue: 2
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

This week's articles


Kubernetes Pod Escape Using Log Mounts
How a pod running as root and with a mount point to the node's /var/log directory can expose the entire contents of its host filesystem to any user who has access to its logs. Also interesting for understanding how 'kubectl logs' works.


DNS Spoofing on Kubernetes Clusters
How an attacker who manages to run malicious code on a cluster can successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM attack on all network traffic of pods.


Gaining Persistency on Vulnerable Lambdas
How an attacker can persist on a vulnerable Lambda instance and gain access to other invocations. With the release of a companion tool.


Adopting Istio for a multi-tenant kubernetes cluster in Production
A company's journey with Istio, highlighting their Istio adoption strategy and overall journey so far.


Network Architecture Design for Microservices on GCP
Nice post which focuses on how to design a microservices network architecture on GCP.


GSuite user & groups now in Cartography
If you haven't used Cartography yet, I highly recommend to take a look at it.


Did you know that the Kubernetes community has a set of icons in their GitHub repo?
These icons are a way to standardize Kubernetes architecture diagrams for presentations.


Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.