#43: Azure Penetration Testing

🎧 PODCAST/WEBINAR OF THE WEEK

Kubernetes won the container wars (over Swarm, CF and Mesos) and continues to grow in use across many industries. But how did something that was about Cloud-native Applications gain traction without a developer experience? 🤔

📖 POSTS OF THE WEEK

Fantastic Infrastructure as Code security attacks and how to find them
This post we will dive into these IaC risks and focus on IaC management tools such as Terraform, cloud providers, and deployment platforms involving containers and Kubernetes. For each scenario, it will look into threats, tools, integrations, and best practices to reduce risk.
Read more »

"Stop using branches for deploying to different GitOps environments" - Branch-per-environment mostly works, but there are some issues with it - Read more »

"Azure penetration testing: the user-friendly guide" - A great guide on how you can go about performing penetration tests on Azure and what you need to consider before starting - Read more »

"Hands-on with PostgreSQL authorization" - How you can limit users to reading and mutating only their own data with row-level security (RLS) policies - Read more »

"Who’s attacking my server?" - A hands-on tutorial on how to secure a server against brute-forcing SSH access and visualize potential attackers IPs in a map - Read more »

"Contributing to complex projects" - Mitchell Hashimoto (the guy behind Terraform & others) cover in this blog post how to approach with confidence a complex open-source project - Read more »

"CRI-O vulnerability could allow container escape" - A newly discovered vulnerability in the container runtime tool CRI-O could allow attackers who are able to create pods in a Kubernetes or OpenShift to break out to the underlying cluster node, effectively escalating their privileges - Read more »

📕 BOOK OF THE WEEK

This is the book I read these past few weeks. It’s the story of Elon Musk, Peter Thiel, Reid Hoffman, David Sachs and the entire Paypal Mafia surviving the tumultuous time that was the .com era. It’s interesting to hear it from the perspective of an insider writing this before any of these people became as famous as they are today. It’s a genuinely inspiring story because it’s so different from the “young dropout starts a social media app” story we are using to hearing a lot these days.

🛠 PROJECTS OF THE WEEK

The company 0x4447 builds products to increase standardization and security in AWS Organizations. They do this with automated pipelines that use well structured projects to create secure, easy to maintain and fail tolerant solutions. One of which is their VPN product – built on top of the popular OpenVPN® project, which has no license restrictions. You are only limited by the network card in the instance - Read more »

ValidIaC combines the best open-source tools (tflint, tfsec, infracost and inframap under the same roof) to help ensure Infrastructure-as-Code best practices, hygiene & security - Read more »

In order to scan all used images in a K8s cluster for vulnerabilities this application runs scans of all used images on an interval and outputs Prometheus metrics to indicate the problematic images and their vulnerabilities - Read more »

Vim Reference Guide is intended as a concise learning free resource for beginner to intermediate level Vim users. It has more in common with cheatsheets than a typical text book. Topics like Regular Expressions and Macros have more detailed explanations and examples due to their complexity - Read more »

💼 OPEN JOBS OF THE WEEK