kubernetes_honeypot_adventures
Analysis of a real-world attack captured in a Kubernetes honeypot.
An overview of the Kubernetes API logs: which fields are useful, and some places where log visibility might be missing in most environments.
Walkthrough of basic triaging and analysis of a container which has been compromised.
CloudTrail events in AWS offer a lot of visibility into the calls that roles make within the platform. Sometimes tracking the original source of the activity can be challenging. When users and other AWS services from one account assume a role in another, hunting the origin can take a bit of backtracking.
Overview of an anomaly detection platform using CloudTrail logs, Athena, Lambda, S3, and DynamoDB.