This week's articles
The Current State of Kubernetes Threat Modelling
A post summarising the outcomes of three main initiatives that took on the challenge of threat modelling a Kubernetes cluster, so that anyone can use them as a starting point for their own (custom) threat modelling exercise. (Disclaimer: I did write this post)
Cross-Cluster Traffic Mirroring with Istio
How to tackle the usual problem of testing in dev environments which do not have any (real) traffic? The Trivago team leveraged the traffic mirroring feature of Istio to replicate traffic from production to development environments. Watch out for customer data!
Encrypting Data while Preserving Formatting with the Vault Enterprise Transform Secrets Engine
Vault 1.4 Enterprise introduced a new secrets engine called Transform. Transform allows Vault to encode and decode sensitive values residing in external systems such as databases or file systems. It lets you ensure that, when a system is compromised and its data is leaked, the encoded secrets remain uncompromised even when held by an adversary.
Tools for Cloud Examination
Interesting presentation describing how to set up a response environment and how to perform forensics in the cloud.
Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant
Post describing a new attack vector: Azure Applications. Attackers can create, disguise, and deploy malicious Azure apps to use in their phishing campaigns. Once the attacker convinces the victim to click-to-install malicious Azure apps, they can map the user's organization, gain access to the victim's files, read their emails, send emails on their behalf (great for internal spear phishing), and a whole lot more.