This week's articles
Announcing Clutch, the Open-source Platform for Infrastructure Tooling
Lyft released Clutch, an open-source UI and API platform for infrastructure tooling. Clutch empowers engineering teams to build, run, and maintain user-friendly workflows that also incorporate domain-specific safety mechanisms and access controls. Clutch ships with several features for managing platforms such as AWS, Envoy, and Kubernetes with an emphasis on extensibility so it can host features for any component in the stack.
Analyzing IAM Policies at Scale with Parliament
The most efficient and repeatable method for finding misconfigurations in IAM policies and roles is to automate the detection process using existing libraries. This blog explores how the Parliament library can be run to detect whether a policy is malformed, identify unknown permissions that do not exist within the platform, and call out resource mismatches where resources and permissions do not apply to each other.
So I Heard You Want to Learn Kafka
An attempt to help security professionals approach Kafka by walking through the journey I undertook to get the basics first, and later to focus on the security aspects of it. (disclaimer: I did write this post)
Basic Kubernetes Privilege Escalation
Let's say you got a reverse shell from a process running in a Kubernetes environment. This guide details the basic steps you can take to escalate your privileges within Kubernetes.
Announcing HashiCorp Vault 1.5
HashiCorp announced the general availability of HashiCorp Vault 1.5. The feature that probably impacts the most users is around rate limiting and quotas (in the OSS version). For enterprise users, there is also a Splunk App so you can get better monitoring/logging out of the box.