tldr - powered by Generative AI

• Consistent results for clients who understand the system
• New integrations with Golfer and Policy Report
• Easier deployment with updated configurations and open database
• Introduction of the body system and support for different flavors of integration
• Use of Cloud SQL for package management and associated products
• Review of the school developed over several months available for use

tldr - powered by Generative AI

• Code repositories are a prime target for attacks and are subject to several categories of threats such as pushing secrets, running GitHub actions with miners, and mistakenly publishing a private repository.
• Falco is a runtime security tool that traditionally protects containers and pods in Kubernetes but now has a GitHub plugin to provide real-time runtime security for GitHub repositories.
• Falco listens on containerized Kubernetes-based endpoints and captures signals such as system calls to detect bad stuff and give alerts.
• Falco's rule engine is simple and customizable, allowing users to add their own rules to detect specific threats.
• Falco is free, open-source, and can be helpful in securing code repositories.
• The presenter invites attendees to a Falco party and a session with Falco developers to learn more about the tool.

tldr - powered by Generative AI

• Falco is an open-source project for runtime security that has become the de facto standard for Kubernetes security.
• Capabilities in Kubernetes can create a gray area in security monitoring, and Falco can be extended to monitor capabilities and detect potential malicious behavior.
• The presenters created two rules using Falco to detect excessive capabilities in new containers and modifications to the release agent file.
• Falco only monitors runtime security and does not consider configuration changes in the YAML files.
• Falco can be deployed on Kubernetes using official charts and packages.

tldr - powered by Generative AI

• Kubernetes audit records actions and provides an audit trail of users and workloads
• Falco collects logs from the kernel and focuses on threat hunting
• Filebeat is a general purpose log processor with metrics collection capabilities
• The data pipeline involves input, parsing, filtering, buffering, and routing
• Using Filebeat allows for easy modification of events and logs according to business requirements

tldr - powered by Generative AI

• Pixie and Kubernetes can be used to extract traffic data and generate curl scripts for testing and load testing.
• GitHub actions can be used to automate the deployment of services and run curl commands against them to prevent production app failures.
• Pixie and Kubernetes can also be used to monitor and optimize service performance.
• The presentation provides anecdotes and examples to illustrate the use of Pixie and Kubernetes in DevOps.

tldr - powered by Generative AI

• Container security can be divided into four areas: cluster security, pre-deployment, post-deployment, and host security.
• Falco is a runtime detection tool built on top of kernel modules or eBPF sensors.
• The presentation highlights various techniques to bypass the default Falco ruleset, including syntactical comparison, regex bypass, and sensitive mount bypass.
• The presenter introduces a special container image and code snippets built specifically for Falco bypasses.
• The presentation demonstrates how an attacker can achieve full cluster compromise without tripping the SOC using the techniques discussed.
• The presenter uses a demo setup with the GKE cluster and the securekubernetes cluster to illustrate the attack scenarios.