This week's articles
Stealing arbitrary GitHub Actions secrets
Super interesting writeup describing how it was possible to read anyone's GitHub Actions secrets, write to their repositories, and publish many of their packages.
ECS Fargate threat modeling
Fargate helps users offload more security responsibilities to AWS. However, user account security and application security remain crucial. Once an attacker has successfully compromised the Fargate container, it can be used as a base for lateral movement to gain more privileges or access sensitive information.
Hacking the Cloud
#aws, #azure, #gcp, #attack
Hacking the cloud is an encyclopedia of attacks/tactics/techniques that security professionals can use in offensive engagements.
Detecting MITRE ATT&CK: Privilege escalation with Falco
Walkthrough of a few techniques that fall under the MITRE ATT&CK privilege escalation tactic, along with examples of how an open-source tool like Falco can help detect these container security attacks.
Type checking your Rego policies with JSON schema in OPA
Article introducing a new feature that enhances OPA's ability to statically type check Rego code by taking into account schemas for input documents. This improves programmer productivity and helps Rego programmers catch errors earlier.
3-Tier Pod Security Proposal
A proposal to replace PodSecurityPolicy with a new built-in admission controller that enforces the Pod Security Standards.