awesome-cloud-native-security

Cloud Security Guide

A collection of resources and information on cloud-native security practices and techniques.

awesome resources about cloud native security 🐿

GitHub

309 stars
14 watching
51 forks
last commit: about 1 year ago
Linked from 2 awesome lists

cloud-computing, cloud-native, cloud-native-security, cloud-security, container, container-escape, container-security, docker, docker-security, k8s, kubernetes, kubernetes-security, serverless, serverless-security

Awesome Cloud Native Security 🐿 / 0 General

OWASP Cloud-Native Application Security Top 10
Hacking and Hardening Kubernetes Clusters by Example (KubeCon 2017) 308 about 4 years ago
NSFOCUS 2018 Container Security Technical Report (2018-11)

Awesome Cloud Native Security 🐿 / 0 General / NSFOCUS 2018 Container Security Technical Report (2018-11)

NSFOCUS 2020 Cloud Native Security Technical Report (2021-01)

Awesome Cloud Native Security 🐿 / 0 General

A Measurement Study on Linux Container Security: Attacks and Countermeasures (ACSAC 2018)
Kubernetes Security: Operating Kubernetes Clusters and Applications Safely (Book, 2018-09-28)

Awesome Cloud Native Security 🐿 / 0 General / Kubernetes Security: Operating Kubernetes Clusters and Applications Safely (Book, 2018-09-28)

Container Security: Fundamental Technology Concepts that Protect Containerized Applications (Book, 2020-04-01)

Awesome Cloud Native Security 🐿 / 0 General

MITRE ATT&CK framework for container runtime security with Falco. (2019-05-10)

Awesome Cloud Native Security 🐿 / 0 General / MITRE ATT&CK framework for container runtime security with Falco. (2019-05-10)

Threat matrix for Kubernetes (Microsoft, 2020-04-02)

Awesome Cloud Native Security 🐿 / 0 General / MITRE ATT&CK framework for container runtime security with Falco. (2019-05-10) / Threat matrix for Kubernetes (Microsoft, 2020-04-02)

Microsoft's Kubernetes Threat Matrix: Here's What's Missing (2020-10-26)
Secure containerized environments with updated threat matrix for Kubernetes (2021-03-23)

Awesome Cloud Native Security 🐿 / 0 General / MITRE ATT&CK framework for container runtime security with Falco. (2019-05-10)

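China's First ATT&CK Attack-Defense Matrix for Cloud Containers Released: Alibaba Cloud Helps Enterprises Put Container Security into Practice (2020-06-18)
MITRE ATT&CK Containers Matrix (2021-04-29)
Best Practices: Releasing China's First K8S ATT&CK Attack-Defense Matrix (Qingteng, 2021-08-25)
2021 Western Cloud Security Summit Held: "Cloud Security Talent Program" Launched, Tencent Cloud Security Attack-Defense Matrix Unveiled (2021-09-26)
Cloud Native Security: Thoughts on Simulating Attack and Defense Based on the Container ATT&CK Matrix (2021-11-01)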

Awesome Cloud Native Security 🐿 / 0 General

Containers' Security: Issues, Challenges, and Road Ahead (IEEE Access 2019)
Attack and Defense of Containerized Enterprise Applications (JINQI-CON 2019) 2,954 5 months ago
Sysdig 2021 Container Security and Usage Report (2021-01-01)
CNCF Cloud Native Security Whitepaper (2021-02-17) 2,104 3 days ago
Metarget: The Cloud Native Attack-Defense Range Is Now Open Source! (2021-05-10)
How Far Have You Gone Finding Bugs in Containers? (How to Find Container Platform Bug, CodeEngn 2021) 90 3 months ago
Kubernetes Hardening Guidance (by NSA & CISA, 2021-08-03)
Kubernetes Security Checklist and Requirements 467 about 3 years ago
"Cloud Native Security: Attack-Defense Practice and System Construction" 729 almost 2 years ago
Security Challenges in the Container Cloud (IEEE TPS-ISA 2021) 22 9 months ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.1 General

Container Security: Examining Potential Threats to the Container Environment (2019-05-14)
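A Survey of Penetration Tools for Cloud Native Environments (2020-06-22)
A Record of Cloud Native Vulnerability Discovery and Exploitation in Red-Blue Exercises (2021-03-02)
Target Lab: Hands-on Penetration in a Comprehensive Scenario 729 almost 2 years ago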
Exploit Symlink for Fun and Profit: from Native to Cloud Native (2021-12-08) 22 9 months ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Walls Within Walls: What if your attacker knows parkour? (KubeCon 2019)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Walls Within Walls: What if your attacker knows parkour? (KubeCon 2019)

Walls Within Walls: What if Your Attacker Knows Parkour? (Video)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

k0otkit: A Universal Post-Exploitation Control Technique for K8s Clusters (CIS 2020) 281 over 3 years ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / k0otkit: A Universal Post-Exploitation Control Technique for K8s Clusters (CIS 2020)

k0otkit: Hack K8s in a K8s Way (Paper)
k0otkit: Hack K8s in a K8s Way (Video)
Github Repo for k0otkit 281 over 3 years ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Advanced Persistence Threats: The Future of Kubernetes Attacks (RSA 2020)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Advanced Persistence Threats: The Future of Kubernetes Attacks (RSA 2020)

Advanced Persistence Threats: The Future of Kubernetes Attacks (Video)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Compromising Kubernetes Cluster by Exploiting RBAC Permissions (RSA 2020)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Compromising Kubernetes Cluster by Exploiting RBAC Permissions (RSA 2020)

Compromising Kubernetes Cluster by Exploiting RBAC Permissions (Video)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms
Kubernetes Privilege Escalation: Container Escape == Cluster Admin? (Video)
Kubernetes Privilege Escalation: Container Escape == Cluster Admin? (PPT)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Command and KubeCTL: Real-world Kubernetes Security for Pentesters (Shmoocon 2020)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Command and KubeCTL: Real-world Kubernetes Security for Pentesters (Shmoocon 2020)

Deep Dive into Real-World Kubernetes Threats (2020-02-12)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Using Kubelet Client to Attack the Kubernetes Cluster (2020-08-19)
Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1 (2020-11-05)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1 (2020-11-05)

Attacking Kubernetes Clusters Through Your Network Plumbing: Part 2 (2021-05-17)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Metadata service MITM allows root privilege escalation (EKS / GKE) (2021-02-28)
Risks of Unauthorized etcd Access and Remediation in Detail (2021-04-09)
New Attacks on Kubernetes via Misconfigured Argo Workflows (2021-07-20)
Creating Malicious Admission Controllers (2021-08-09)
Don’t let Prometheus Steal your Fire (2021-10-12)
Attack Cloud Native Kubernetes (HITB 2021) 2,954 5 months ago
Metasploit in Kubernetes (2021-11-04) 34,393 4 days ago
[Tech Recommendation] Cloud Native: Kubernetes Security (2021-12-18)
Understanding about CVE-2017–1002101 on kubernetes (2018-03-19)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Understanding about CVE-2017–1002101 on kubernetes (2018-03-19)

Fixing the Subpath Volume Vulnerability in Kubernetes (2018-04-04)
ExP: CVE-2017-1002101 by bgeesaman 35 over 6 years ago
CVE-2017-1002101: Breaking Isolation to Access the Host File System 729 almost 2 years ago
Escapes Strike Again: From CVE-2017-1002101 to CVE-2021-25741 (2021-10-12)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Exploiting path traversal in kubectl cp (CVE-2018-1002100, 2018-05-04)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Exploiting path traversal in kubectl cp (CVE-2018-1002100, 2018-05-04)

Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101 (2019-03-28)
CVE-2019-11246: Clean links handling in cp's tar code (2019-04-30) 111,689 4 days ago
CVE-2019-11249: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (2019-08-05) 111,689 4 days ago
CVE-2019-11251: kubectl cp symlink vulnerability (2020-02-03) 111,689 4 days ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

The Story of the First Kubernetes Critical CVE (CVE-2018-1002105, 2018-12-04)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / The Story of the First Kubernetes Critical CVE (CVE-2018-1002105, 2018-12-04)

CVE-2018-1002105 (K8s Privilege Escalation): Analysis Report on Principle and Exploitation (2018-12-08)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

CVE-2018-1002103: Remote Code Execution and Virtual Machine Escape 729 almost 2 years ago
Kubernetes hostPort allow services traffic interception when using kubeproxy IPVS (CVE-2019-9946, 2019-03-28)
Non-Root Containers, Kubernetes CVE-2019-11245 and Why You Should Care (2019-08-28)
When it’s not only about a Kubernetes CVE... (CVE-2020-8555, 2020-06-03)
Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558, 2020-07-27)
Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554, 2020-12-08)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554, 2020-12-08)

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554, 2020-12-21)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749 / Docker CVE-2020-13401 / LXD / WSL2 / …) (2021-02-28)
Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass (2021-04-28)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass (2021-04-28)

ExP: CVE-2021-25735 by darryk10 18 over 3 years ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes

Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack (2021-05-24)
A Brief Discussion of Cloud Attack and Defense: Security Challenges CVE-2020-8562 Brings to K8s (2021-10-25)
cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.2 Kubernetes / cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)

Who Moved My core_pattern? Analysis of the CVE-2022-0811 Container Escape Vulnerability

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Abusing Privileged and Unprivileged Linux Containers (2016-06-01)
Bypassing Docker Authz Plugin and Using Docker-Containerd for Privesc (2019-07-11)
A Methodology for Penetration Testing Docker Systems (Bachelor Theses, 2020-01-17)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / A Methodology for Penetration Testing Docker Systems (Bachelor Theses, 2020-01-17)

Penetration Testing Methods for Containers (2020-04-17)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Inside Job: Privilege Escalation via Container root (2020-12-03)
CVE-2021-21287: Where Containers and Cloud Collide, a Test of MinIO (2021-01-30)
New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291) (2021-04-14)
Container escape through open_by_handle_at (shocker exploit) (2014-06-18)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Container escape through open_by_handle_at (shocker exploit) (2014-06-18)

Docker breakout exploit analysis (2014-06-19)
PoC: Shocker by gabrtv 117 over 10 years ago
Docker Container Escape Case Analysis (2016-07-19)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Dirty COW - (CVE-2016-5195) - Docker Container Escape (2017-09)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Dirty COW - (CVE-2016-5195) - Docker Container Escape (2017-09)

ExP: CVE-2016-5195 by scumjr 492 almost 3 years ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Escaping Docker container using waitid() – CVE-2017-5123 (2017-12-27)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Escaping Docker container using waitid() – CVE-2017-5123 (2017-12-27)

Escaping Docker container using waitid() - CVE-2017-5123 (Video)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

A Compendium of Container Escapes (Black Hat 2019)
In-and-out - Security of Copying to and from Live Containers (Open Source Summit 2019)
CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host (2019-02-13)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host (2019-02-13)

ExP: CVE-2019-5736 by Frichetten 642 almost 3 years ago
Escaping a Broken Container - 'namespaces' from 35C3 CTF (2019-04-15)
Container Escape Becomes Real: From CTF to CVE-2019-5736 (2019-11-20)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

An Exercise in Practical Container Escapology (2019-03-07)
Felix Wilhelm's Twitter on the Escape Technique utilizing release_agent (2019-07-17)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Felix Wilhelm's Twitter on the Escape Technique utilizing release_agent (2019-07-17)

Understanding Docker container escapes (2019-07-19)
Privileged Container Escape - Control Groups release_agent (2020-11-19)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Kubernetes Pod Escape Using Log Mounts (2019-08-01)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Kubernetes Pod Escape Using Log Mounts (2019-08-01)

Kubelet follows symlinks as root in /var/log from the /logs server endpoint (debate on hackerone, 2021-04-02)
PoC: kube-pod-escape 92 about 4 years ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Original Tweet on CVE-2019-16884 (2019-09-22)
CVE-2019-19921: Volume mount race condition with shared mounts (2020-01-01) 11,987 2 days ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / CVE-2019-19921: Volume mount race condition with shared mounts (2020-01-01)

PoC: runc-masked-race.sh
PATCH RFC 1/1 mount: universally disallow mounting over symlinks (2019-12-30)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

An Overview of Container Escape Techniques (2020-02-21)
Escaping Virtualized Containers (Black Hat 2020)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Escaping Virtualized Containers (Black Hat 2020)

Research on Kata Containers Escape (2020-09-25)
Security advisory for four vulnerabilities in Kata Containers (2020-12-04)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel (2020-10-09)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel (2020-10-09)

Containing a Real Vulnerability (2020-09-18)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Technical Analysis of the Host-Mode Container Escape Vulnerability (CVE-2020-15257) (2020-12-02)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Technical Analysis of the Host-Mode Container Escape Vulnerability (CVE-2020-15257) (2020-12-02)

ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again (2020-12-10)
Container Escape CVE-2020-15257: containerd-shim Exploit Development (2020-12-14)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

The Strange Case of How We Escaped the Docker Default Container (CVE-2020-27352, 2021-03-04)
runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465, 2021-05-30)
Analysis of the RunC TOCTOU Escape CVE-2021-30465 (2021-08-18)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Escaping Docker by Exploiting Linux Kernel Vulnerabilities (2021-06-11)
[Security Know-How] Docker CVE-2018-6552 (2021-06-30)
CVE-2021-22555: Turning \x00\x00 into 10000$ (2021-07-07)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / CVE-2021-22555: Turning \x00\x00 into 10000$ (2021-07-07)

CVE-2021-22555: Linux Kernel Privilege Escalation Leading to Docker Escape (2021-07-23)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

With Friends like eBPF, who needs enemies? (Defcon 29)
Container Escape in 2021 (HITB 2021)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Container Escape in 2021 (HITB 2021)

Container Escape in 2021 (KCon 2021) 4,595 4 months ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances (2021-09-09)
Cloud Native Security Attack and Defense | Analysis and Practice of Container Escape Using eBPF (2021-11-03)
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784, 2021-12-06) 11,987 2 days ago
Issue 2241: runc/libcontainer: insecure handling of bind mount sources

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

Podman Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2023-0778)
Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (CCS 2019)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container / Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (CCS 2019)

Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (Video)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.3 Container

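Analysis of DoS Attacks on Standard Input/Output Copying Between Docker Components (Chinese Journal of Network and Information Security 2020)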
Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization (CCS 2021)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.4 Serverless

Hacking Serverless Runtimes (Black Hat 2017)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.4 Serverless / Hacking Serverless Runtimes (Black Hat 2017)

Hacking Serverless Runtimes (Whitepaper)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.4 Serverless

Serverless Toolkit for Pentesters (2018-11-11)
Serverless Red Team Infrastructure: Part 1, Web Bugs (2018-09)
Runtime Attacks Against AWS Lambda (2020-12-02)
How We Escaped Docker in Azure Functions (2021-01-27)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.4 Serverless / How We Escaped Docker in Azure Functions (2021-01-27)

Royal Flush: Privilege Escalation Vulnerability in Azure Functions (2021-04-08)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.4 Serverless

Red Teams Play a New Trick: Hiding C2 This Way (2021-04-21)
Building an Attack Front End with CDN + FaaS (2021-08-11)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.6 Service Mesh

A Survey of Istio’s Network Security Features (2020-03-04)
Another High-Severity Vulnerability Disclosed in Istio Access Authorization (CVE-2020-8595, 2020-03-13)
Attack in a Service Mesh (CIS 2020) 2,954 5 months ago
Istio Security Assessment (2021-07-13 (disclosed), 2020-08-06 (accomplished) by Istio with NCC Group)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.7 API Gateway

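Tencent Blue Team Security Alert: The Open Source Cloud Native API Gateway Kong May Become a New Entry Point for Attackers into Enterprise Intranets (CVE-2020-11710) (2020-04-15)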

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.8 Windows Containers

Well, That Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in The Hypervisor via Shadow Containers (Black Hat 2017)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.8 Windows Containers / Well, That Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in The Hypervisor via Shadow Containers (Black Hat 2017)

Well, That Escalated Quickly! (Whitepaper)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.8 Windows Containers

What I Learned from Reverse Engineering Windows Containers (2019-12-12)
Windows Server Containers Are Open, and Here's How You Can Break Out (2020-07-15)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.8 Windows Containers / Windows Server Containers Are Open, and Here's How You Can Break Out (2020-07-15)

PoC by James Forshaw (the author of post Who Contains the Containers?)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.8 Windows Containers

Who Contains the Containers? (Project Zero, 2021-04-01)

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.9 Tools

kube-hunter - Hunt for security weaknesses in Kubernetes clusters 4,774 9 months ago
serverless_toolkit - A collection of useful Serverless functions I use when pentesting 381 about 2 years ago
kubesploit 1,130 5 months ago
kubeletmein - Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers 160 about 1 year ago
CDK - Zero Dependency Container Penetration Toolkit 3,976 about 1 month ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.9 Tools / CDK - Zero Dependency Container Penetration Toolkit

Zero Dependency Container Penetration Toolkit (Blackhat 2021) 2,954 5 months ago
CDK: Also a Awesome BugBounty Tool for Cloud Platform (WHC 2021) 2,954 5 months ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.9 Tools

Metarget - framework providing automatic constructions of vulnerable infrastructures 1,113 about 2 months ago
red-kube - Red Team K8S Adversary Emulation Based on kubectl 817 over 3 years ago
whoc - A container image that extracts the underlying container runtime 130 about 2 years ago
kdigger - A context discovery tool for Kubernetes penetration testing 441 6 months ago

Awesome Cloud Native Security 🐿 / 1 Offensive / 1.9 Tools / kdigger - A context discovery tool for Kubernetes penetration testing

Introduction to kdigger

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.1 Standards and Benchmarks

NIST.SP.800-190 Application Container Security Guide (2017-09-25)
NIST.IR.8176 Security Assurance Requirements for Linux Application Container Deployments (2017-10)
OWASP Container Security Verification Standard 57 over 5 years ago
CIS Kubernetes Benchmark
CIS Docker Benchmark
NIST.SP.800-204 Security Strategies for Microservices-based Application Systems (2019-08)

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.1 Standards and Benchmarks / NIST.SP.800-204 Security Strategies for Microservices-based Application Systems (2019-08)

NIST.SP.800-204B Attribute-based Access Control for Microservices-based Applications Using a Service Mesh (2021-08)

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.2 Kubernetes

Anomalous Activity Detection in Kubernetes (KCon 2021) 4,595 4 months ago

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.3 Container

Understanding and Hardening Linux Containers (2016-06-29)
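Exploring Sysdig Falco: An Anomalous Behavior Detection Tool for Container Environments (2019-09-25)
Cloud Native: Container Security in Practice (2020-03-12)
Kernel Vulnerability Mitigation Techniques for Container Environments (2020-08-31)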
Detecting a Container Escape with Cilium and eBPF

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.4 Secure Container

Making Containers More Isolated: An Overview of Sandboxed Container Technologies (2019-06-06)
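Deep Dive into AWS Firecracker, Principles: Virtualization and Container Runtime Technology (2019-12-09)
Traditional Containers Represented by Docker Are at a Life-or-Death Moment (2019-12-24)
Kata Containers Founder: An Introduction to Secure Containers (2019-12-26)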

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.5 Network

BASTION: A Security Enforcement Network Stack for Container Networks (USENIX 2020)

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.6 Practices

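How Leading Foreign Container Security Products Are Built (2020-12-04)
Cloud Native | Thoughts on Container and Application Security Operations Practice (2021-09-07)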

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.7 Tools

docker-bench-security 9,195 about 2 months ago
kube-bench 7,129 6 days ago
KubiScan 1,329 8 days ago
Falco 7,460 7 days ago

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.7 Tools / Falco

Bypass Falco (2020-11-20)
Detecting MITRE ATT&CK: Defense evasion techniques with Falco (2021-02-02)
Detecting MITRE ATT&CK: Privilege escalation with Falco (2021-03-02)

Awesome Cloud Native Security 🐿 / 2 Defensive / 2.7 Tools

Elkeid - Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture 2,281 15 days ago
kubescape - kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA 10,292 4 days ago
veinmind-tools 1,538 11 months ago
cnspec - cloud-native security and policy project

Awesome Cloud Native Security 🐿 / 3 Incidents

Lessons from the Cryptojacking Attack at Tesla (2018-02-20)
Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub (2019-10-15)
Detect large-scale cryptocurrency mining attack against Kubernetes clusters (2020-04-08)
Coinminer, DDoS Bot Attack Docker Daemon Ports (2020-05-06)

Awesome Cloud Native Security 🐿 / 3 Incidents / Coinminer, DDoS Bot Attack Docker Daemon Ports (2020-05-06)

TeamTNT Group Launches Attacks on Docker Hosts, Planting Mining Trojans (2020-08-04)
Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials (2020-08-16)
Cetus: Cryptojacking Worm Targeting Docker Daemons (2020-08-27)
Black-T: New Cryptojacking Variant from TeamTNT (2020-10-05)
TeamTNT Mining Trojan Exploits Unauthorized Docker Remote API Access to Compromise Cloud Servers (2020-11-27)
TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger (2020-12-18)
Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes (2021-02-03)
TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack (2021-05-25)
Tracking the Activities of TeamTNT: A Closer Look at a Cloud-Focused Malicious Actor Group (2021-06)
TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations (2021-06-04)
TeamTNT with new campaign aka "Chimaera" (2021-09-08)
Team TNT Deploys Malicious Docker Image On Docker Hub (2021-10-07)
In-the-Wild Cloud Container Attack Captured Again: TeamTNT's Cybercrime Attack Methods Revealed (2021-10-20)
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT (2021-11-09)

Awesome Cloud Native Security 🐿 / 3 Incidents

Misconfigured Kubeflow workloads are a security risk (2020-06-10)
Misconfigured Authentication Lets Worms Move Freely Through Self-Hosted K8s Clusters (2020-09-16)
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments (2021-06-07)
NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign (2021-07-01)

Awesome Cloud Native Security 🐿 / 3 Incidents / NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign (2021-07-01)

Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments (2021-07)

Awesome Cloud Native Security 🐿 / 3 Incidents

Malicious Images with Millions of Downloads Reappear on DockerHub: Beware of Cryptomining in Your Containers (2021-08-30)
Misconfigured Kafdrop Puts Companies’ Apache Kafka Completely Exposed (2021-12-06)
