kubernetes_honeypot_adventures

Analysis of a real-world attack captured in a Kubernetes honeypot.

November 3, 2022 · 14 min · Travis

kubernetes_logs_for_responders

An overview of the Kubernetes API logs: which fields are useful, and where log visibility is commonly missing in most environments.

June 11, 2022 · 7 min · Travis

compromised_container_analysis_primer

Walkthrough of basic triaging and analysis of a container which has been compromised.

May 10, 2022 · 17 min · Travis

assumed_role_breadcrumbs

CloudTrail events in AWS offer a lot of visibility into the API calls that roles make within the platform, but tracking the original source of the activity can be challenging. When users and other AWS services from one account assume a role in another, hunting for the origin takes some backtracking.

November 28, 2018 · 6 min · Travis
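The backtracking described in the assumed_role_breadcrumbs summary can be scripted. The following is an added example, not code from that post: it indexes STS AssumeRole events by the temporary access key they issue (responseElements.credentials.accessKeyId) and walks a later event's userIdentity.accessKeyId back through that index until it reaches a principal that is not itself a role session. The CloudTrail records are constructed for illustration; the account IDs, role names, session names and key IDs are placeholders.

```python
from typing import Dict, List, Optional, Tuple

# STS calls that hand out temporary credentials and therefore start a session.
STS_ISSUING_CALLS = {"AssumeRole", "AssumeRoleWithSAML", "AssumeRoleWithWebIdentity"}


def _session_identity(role_arn: str, session_name: str, key: str) -> dict:
    """Build the userIdentity block CloudTrail records for an assumed-role session."""
    account = role_arn.split(":")[4]
    role = role_arn.split("/")[-1]
    return {
        "type": "AssumedRole",
        "arn": f"arn:aws:sts::{account}:assumed-role/{role}/{session_name}",
        "accountId": account,
        "accessKeyId": key,
        "sessionContext": {"sessionIssuer": {"type": "Role", "arn": role_arn}},
    }


# Constructed sample records (not real log data). Account IDs, roles and keys are placeholders.
SAMPLE_EVENTS: List[dict] = [
    {  # hop 1: an IAM user in 111111111111 assumes a role in 222222222222
        "eventTime": "2018-11-28T10:00:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice",
                         "accountId": "111111111111", "accessKeyId": "AKIAEXAMPLEALICE0001"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/CrossAccountAudit",
                              "roleSessionName": "alice-session"},
        "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLESESSION01"}},
    },
    {  # hop 2: that session assumes a second role (role chaining)
        "eventTime": "2018-11-28T10:01:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole",
        "userIdentity": _session_identity("arn:aws:iam::222222222222:role/CrossAccountAudit",
                                          "alice-session", "ASIAEXAMPLESESSION01"),
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/S3Reader",
                              "roleSessionName": "audit-hop"},
        "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLESESSION02"}},
    },
    {  # the activity under investigation, performed with the second session
        "eventTime": "2018-11-28T10:02:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "ListBuckets",
        "userIdentity": _session_identity("arn:aws:iam::222222222222:role/S3Reader",
                                          "audit-hop", "ASIAEXAMPLESESSION02"),
    },
    {  # a session whose AssumeRole call is missing from the logs we have
        "eventTime": "2018-11-28T10:03:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "GetCallerIdentity",
        "userIdentity": _session_identity("arn:aws:iam::222222222222:role/Orphan",
                                          "unknown", "ASIAEXAMPLESESSION99"),
    },
    {  # a denied AssumeRole: responseElements is null, so no key was issued
        "eventTime": "2018-11-28T10:04:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole", "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/bob",
                         "accountId": "111111111111", "accessKeyId": "AKIAEXAMPLEBOB000002"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/S3Reader",
                              "roleSessionName": "bob"},
        "responseElements": None,
    },
]


def index_issued_keys(events: List[dict]) -> Dict[str, dict]:
    """Map every temporary access key STS handed out to the event that issued it.

    Denied calls carry no responseElements and are skipped; they issue nothing to trace.
    """
    issued: Dict[str, dict] = {}
    for ev in events:
        if ev.get("eventSource") != "sts.amazonaws.com" or ev.get("eventName") not in STS_ISSUING_CALLS:
            continue
        creds = (ev.get("responseElements") or {}).get("credentials") or {}
        key = creds.get("accessKeyId")
        if key:
            issued[key] = ev
    return issued


def trace_origin(event: dict, issued: Dict[str, dict], max_hops: int = 10) -> Tuple[List[dict], bool]:
    """Walk an event back through the AssumeRole calls that produced its credentials.

    Returns (hops, resolved): hops runs from the event's own identity back to the earliest
    principal found; resolved is False when the chain dead-ends on a session key that no
    event in the supplied logs issued (a visibility gap), or when max_hops is exceeded.
    """
    hops: List[dict] = []
    seen = set()
    current = event
    for _ in range(max_hops):
        ident = current.get("userIdentity", {})
        key = ident.get("accessKeyId")
        hops.append({"type": ident.get("type"), "arn": ident.get("arn"),
                     "accessKeyId": key, "eventTime": current.get("eventTime")})
        if ident.get("type") != "AssumedRole":
            return hops, True   # IAMUser, Root, SAMLUser, AWSService, ...: this is the origin
        if key is None or key in seen or key not in issued:
            return hops, False  # nothing in these logs issued this session's key
        seen.add(key)
        current = issued[key]
    return hops, False


def origin_arn(event: dict, issued: Dict[str, dict]) -> Optional[str]:
    """The ARN that started the chain, or None if the logs cannot show it."""
    hops, resolved = trace_origin(event, issued)
    return hops[-1]["arn"] if resolved else None


if __name__ == "__main__":
    issued = index_issued_keys(SAMPLE_EVENTS)
    for ev in SAMPLE_EVENTS[2:4]:
        hops, resolved = trace_origin(ev, issued)
        print(ev["eventName"], "resolved" if resolved else "UNRESOLVED")
        for h in hops:
            print("  <-", h["type"], h["arn"], h["accessKeyId"])
```

The unresolved case is the one to watch for: a session key with no issuing event in your logs usually means the trail you are reading does not cover the account or region where the AssumeRole happened. A cross-account AssumeRole is recorded in both the calling and the trusting account's trails with the same sharedEventID; the index above keys on the issued credential, so loading both trails is harmless, and the trusting account's copy alone still names the calling principal even when its earlier activity is not visible.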

cloudtrail_anomaly_detection

Overview of an anomaly detection platform built on CloudTrail logs, Athena, Lambda, S3, and DynamoDB.

November 28, 2018 · 7 min · Travis