Kubesploit

Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools Read more https://armosec.io/blog/kubernetes-security-frameworks-and-guidance

Kubernetes security & vulnerability scanning tools: checkov, kube-hunter, kube-bench & Starboard Read more https://aninditabasak.medium.com/a-lap-around-kubernetes-security-vulnerability-scanning-tools-checkov-kube-hunter-kube-bench-4ffda92c4cf1

In this post you’ll integrate Kubernetes with Keycloak. No more sharing KUBECONFIG files and forgetting to export different KUBECONFIG paths! Read more http://talkingquickly.co.uk/setting-up-oidc-login-kubernetes-kubectl-with-keycloak

Cross-Account container takeover in Azure Container Instances 👉 https://unit42.paloaltonetworks.com/azure-container-instances

Encrypt your Kubernetes Secrets with Mozilla SOPS More: https://thorsten-hans.com/encrypt-your-kubernetes-secrets-with-mozilla-sops

A container Security CTF Read more https://medium.com/@pookiebear/cant-contain-poop-container-security-ctf-e0c2be4b106e

[PDF] Kubernetes Hardening Guidance 👉 https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF

Kubernetes Network Policies: a practitioner's guide More: https://loft.sh/blog/kubernetes-network-policies-a-practitioners-guide

In this article you will learn how to secure Containers with Cosign and Distroless images Read on: https://infracloud.io/blogs/secure-containers-cosign-distroless-images

Scheduled backup of Vault secrets with Jenkins on Kubernetes Read more https://igorzhivilo.com/vault/scheduled-backup-vault-secrets

Kubernetes API Access Security Hardening 👉 https://goteleport.com/blog/kubernetes-api-access-security

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam Read on https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist

Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation → https://github.com/vchinnipilli/kubestriker

Quick update! We’ve updated the Kubernetes troubleshooting flowchart to include translations in Spanish, Mandarin, Korean and Portuguese. Many thanks to @elnemesisdivina @yorchveintemil @usernametoken Marcelo & Hoon Jo! 👏👏👏 You can download the poster here: https://learnk8s.io/troubleshooting-deployments

Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster Read on https://github.com/inguardians/peirates

“Another LDAP” provides Authentication and Authorization for your applications running on Kubernetes 👉 https://github.com/dignajar/another-ldap

Vault-CRD is a custom resource definition for holding secrets that are stored in HashiCorp Vault and kept up to date with Kubernetes secrets Read more: https://github.com/DaspawnW/vault-crd

Curiefense extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs) and more Read on https://github.com/curiefense/curiefense

Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA More: https://github.com/armosec/kubescape

This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup. If you ever wondered how to drop/restrict traffic to applications running on Kubernetes, this is for you Read on: https://github.com/ahmetb/kubernetes-network-policy-recipes