Netflix open-sourced their crisis management orchestration framework: Dispatch! Dispatch helps effectively manage security incidents by deeply integrating with existing tools used throughout an organization (Slack, GSuite, Jira, etc.). Dispatch leverages the existing familiarity of these tools to provide orchestration instead of introducing another tool. This means you can let Dispatch focus on creating resources, assembling participants, sending out notifications, tracking tasks, and assisting with post-incident reviews; allowing you to focus on actually fixing the issue!

Slides of @connorgilbert's talk at BSidesSF 2020, covering some of the basic building blocks of containerized infrastructure (with an eye toward how they affect your life, or the life of your favourite dev, ops, or security team), and then going into some of the particulars of Kubernetes and how it works today (How risky is it? How badly could this go? And how easy is it to mitigate the risk, if there is one?)

The current understanding of "container security" as a term and market is muddled, especially given containers are used by different teams in different contexts. It could mean scanning image repositories for vulnerabilities or exposed secrets, managing credentials for container deployment, or monitoring running containers for unwanted activity. This post aims to help provide some clarity around the market for all involved.

This blog post explores what it takes to build your own Kubernetes log aggregator, using a Node.js microservice as an example.

This article explains how certain components within Azure can be leveraged from an offensive perspective and introduces PowerZure, a project to help with offensive operations against Azure.

Managed Identities on Azure VMs can be given excessive permissions. Access to these VMs could lead to privilege escalation.

A kubernetes operator for creating isolated environments, by using segregated namespaces and RBAC for authenticated users specified in the CRD.

Interesting article on detecting post-compromise anomalous patterns based on parent-child process relationships.

This post shows how to run a Chef InSpec scan with AWS Systems Manager and Systems Manager Run Command across your managed instances. InSpec is an open-source runtime framework that lets you create human-readable profiles to define security, compliance, and policy requirements and then test your EC2 instances against those profiles. InSpec profiles can also be used to make sure certain network ports aren’t reachable, to verify that certain packages are not installed, and/or to confirm that certain processes are running on your instances.

AWS introduced an addition to Config: conformance packs. Conformance packs help you manage configuration compliance of your AWS resources at scale – from policy definition to auditing and aggregated reporting, using a common framework and packaging model.

Documentation shows you how to configure RDS to meet your security and compliance objectives.

You can now better protect your organization’s identity data by encrypting LDAP communications between AWS Directory Service products and self-managed Active Directory. Client-side secure LDAP (LDAPS) support enables applications that integrate with AWS Directory Service, such as Amazon WorkSpaces and AWS Single Sign-On, to connect to AD using Secure Sockets Layer/Transport Layer Security (SSL/TLS).

You can now create an Internal HTTP(S) Load Balancers in GKE using Ingress.