Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team. Website: https://kubesploit.io/
Post archive
This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup. If you ever wondered how to drop/restrict traffic to applications running on Kubernetes, this is for you.
Read on: https://github.com/ahmetb/kubernetes-network-policy-recipes
Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit
→ https://falco.org/blog/detect-malicious-behaviour-on-kubernetes-api-server-through-gathering-audit-logs-by-using-fluentbit-part-2
How to secure your Kubernetes control plane and node components
Read more: https://cncf.io/blog/2021/08/20/how-to-secure-your-kubernetes-control-plane-and-node-components
Top Open Source Kubernetes security tools of 2021
Read on https://cloud.redhat.com/blog/top-open-source-kubernetes-security-tools-of-2021
👋 We’ve updated the Kubernetes instance calculator to include the recent change from the AWS-CNI. EC2 instances can have more pods than before, and that means running pods becomes cheaper.
You can find the calculator here: https://learnk8s.io/kubernetes-instance-calculator
Creating Malicious Admission Controllers
👉 https://blog.rewanthtammana.com/creating-malicious-admission-controllers
How to improve your Docker containers security
More: https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet
A Security Review of Docker Official Images: Which Do You Trust?
👉 https://blog.aquasec.com/docker-official-images
In this blog, you will explore advanced persistent threat techniques used in container attacks, learn how rootkits work, and how adversaries are using them to attack cloud native environments.
Read more: https://blog.aquasec.com/advanced-persistent-threat-techniques-container-attacks
A HIGH severity vulnerability was found in Kubernetes in which users may be able to create a container with subpath volume mounts to access files and directories outside of the volume, including on the host filesystem.
More: https://armosec.io/blog/kubescape-checks-if-kubernetes-exposed-to-k8s-symlink-vulnerability-cve202125741
Verifying Container image signatures in Kubernetes using Notary or Cosign or both
More https://medium.com/sse-blog/verify-container-image-signatures-in-kubernetes-using-notary-or-cosign-or-both-c25d9e79ec45
Kubernetes Network Policies for isolating Namespaces
Read on https://loft.sh/blog/kubernetes-network-policies-for-isolating-namespaces
2 Widespread attacks (Man-in-the-Middle, Cryptojacking attack) on your containerized environment and 7 rules to prevent it
Read more: https://itnext.io/2-widespread-attacks-on-your-containerized-environment-and-7-rules-to-prevent-it-957aa7dfa5e0
Attacking Kubernetes via misconfigured Argo Workflows
Read on: https://intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows
Top 10 container security best practices
Read more: https://infracloud.io/blogs/top-10-things-for-container-security?utm_campaign=promoting_blog&utm_content=kubernetes&utm_medium=social
Enforcing image trust on Docker containers using Notary
More https://infracloud.io/blogs/enforcing-image-trust-docker-containers-notary
The ClusterSecret operator makes sure that all the matching namespaces have a secret available. New namespaces, if they match a pattern, will also have the secret. Any change on the ClusterSecret will update all related secrets.
Read more https://github.com/zakkg3/ClusterSecret
Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation
More https://github.com/vchinnipilli/kubestriker
Connaisseur is a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster
More https://github.com/sse-secure-systems/connaisseur
gsm-controller is a Kubernetes controller that copies secrets from Google Secrets Manager into Kubernetes secrets. The controller watches Kubernetes secrets looking for an annotation; if the annotation is not found on the secret, nothing more is done.
More https://github.com/jenkins-x/gsm-controller
