This week's articles
Attacking and Defending Kubernetes Clusters
A guided walkthrough to help you create your own Kubernetes environment so you can take on the role of two attacking personas looking to make some money and one defending persona working hard to keep the cluster safe and healthy.
Enumerating Docker Registries with go-pillage-registries
In order to take full advantage of compromised Docker registries, NCC Group has developed go-pillage-registries. This repository contains a tool called pilreg, which provides a pentester-focused interface for these registries. pilreg allows attackers to easily enumerate images stored in a registry in order to obtain their metadata and filesystems.
Use GitHub actions at your own risk
Classic supply chain attack: malicious code can be inserted into any GitHub action, even those which are tagged. Rather than checking out a branch or a tag (neither is safe), you could use a commit hash instead.
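As an added example (not taken from the linked article), the following check flags `uses:` references in a workflow file that point at a branch or tag rather than a full commit hash. The sample workflow, the action names and the SHA are constructed placeholders, and the line-based regex scan is a simplifying assumption rather than a full YAML parser.

```python
import re

# Constructed sample workflow; action names and the 40-hex SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: example-org/build-action@main
      - uses: example-org/deploy-action@0123456789abcdef0123456789abcdef01234567  # v1.4.0
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.12
      - name: short sha
        uses: example-org/scan-action@0123456
"""

# Matches "uses: <ref>" with or without a leading list dash; commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)


def classify(ref):
    """Return 'pinned', 'mutable', 'no-ref' or 'skipped' for one uses: value."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return "skipped"  # local actions and container images are outside this check
    if "@" not in ref:
        return "no-ref"
    version = ref.rsplit("@", 1)[1]
    # Only a full-length commit hash is immutable; tags, branches and short hashes can move.
    return "pinned" if FULL_SHA_RE.match(version) else "mutable"


def audit_workflow(text):
    """Return (line number, reference, verdict) for every reference not pinned to a commit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            verdict = classify(match.group(1))
            if verdict in ("mutable", "no-ref"):
                findings.append((lineno, match.group(1), verdict))
    return findings


if __name__ == "__main__":
    for lineno, ref, verdict in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} ({verdict})")
```

Keeping the human-readable version as a trailing comment next to the pinned hash, as in the sample, preserves readability without trusting the tag.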
preflight - Automatically perform Kubernetes configuration checks using OPA
Preflight Packages are a very thin wrapper around OPA's policies. A package is made of Rego files (OPA's high-level declarative language) and a Policy Manifest. The Policy Manifest is a YAML file intended to add metadata to the rules, so the tool can display useful information when a rule doesn't pass.
VirusTotal released a set of changes and improvements to their VirusTotal Graph, which aims to provide a tool which understands the relationship between files, URLs, domains and IP addresses, and an easy interface to pivot and navigate over them. Plus, it also has an API.