This week's articles
Gaining AWS Console Access via API Keys
While performing penetration tests, active IAM credentials are often found in a variety of ways. These credentials can then be used to perform privileged actions against AWS services within an AWS account. This post goes through the process of gaining access to the AWS console using leaked API credentials and introduces a tool (AWS Consoler) to automatically convert CLI credentials into AWS console access.
Recommended Steps to Secure a DigitalOcean Kubernetes Cluster
The objective of this article is to provide a solid security foundation for a DigitalOcean Kubernetes cluster. Note that this tutorial covers basic security measures for Kubernetes, and is meant to be a starting point rather than an exhaustive guide.
Understanding Terraform state
Very interesting post explaining how the Terraform state works, how to inspect it, how to move and rename resources, and even delete them.
ElectricEye
Continuously monitor AWS services for configurations that can lead to degradation of confidentiality, integrity, or availability, with results sent to Security Hub.
Kubernetes by Parts
This tutorial builds on the legacy of Kubernetes The Hard Way by Kelsey Hightower. While KTHW is a great resource, it is aging and does not use many newer Kubernetes features that make manual cluster deployment both easier and more robust.
Introduction to Security Contexts and SCCs
RBAC is a good control to apply at the container platform level (Kubernetes), but it does not apply to the underlying nodes. A Pod may be unable to delete an object in etcd through the API because RBAC restricts it, yet still be able to delete important files on the node and even stop the kubelet if it is built to do so. To prevent this scenario, SCCs (Security Context Constraints) can come to the rescue.
Deprek8ion Policies
Another cool Open Policy Agent use case: a set of Rego policies to monitor Kubernetes API deprecations.
Knative Eventing Delivery Methods
Knative Eventing has event sources, services, channels, subscriptions, brokers and triggers. It can be confusing. This blog post explains the delivery methods in Knative Eventing and when to use what.