Authors: Jason Dellaluce, Luca Guerra
2022-10-28

tldr - powered by Generative AI

Updates and improvements in the Hardcore ecosystem, including new integrations, easier deployment, and the use of Cloud SQL for package management.
  • Consistent results for clients who understand the system
  • New integrations with Golfer and Policy Report
  • Easier deployment with updated configurations and open database
  • Introduction of the body system and support for different flavors of integration
  • Use of Cloud SQL for package management and associated products
  • Review of the school developed over several months available for use
Authors: Loris Degioanni
2022-10-25

tldr - powered by Generative AI

The presentation discusses the importance of securing code repositories and how to detect and prevent threats using CNCF's Falco.
  • Code repositories are a prime target for attacks and are subject to several categories of threats such as pushing secrets, running GitHub Actions with miners, and mistakenly publishing a private repository.
  • Falco is a runtime security tool that traditionally protects containers and pods in Kubernetes but now has a GitHub plugin to provide real-time runtime security for GitHub repositories.
  • Falco listens on containerized Kubernetes-based endpoints and captures signals such as system calls to detect suspicious activity and raise alerts.
  • Falco's rule engine is simple and customizable, allowing users to add their own rules to detect specific threats.
  • Falco is free, open-source, and can be helpful in securing code repositories.
  • The presenter invites attendees to a Falco party and a session with Falco developers to learn more about the tool.
Authors: Stefano Chierici, Lorenzo Susini
2022-10-25

tldr - powered by Generative AI

The presentation discusses how Falco, an open-source project for runtime security, can be extended to monitor capabilities and detect potential malicious behavior in Kubernetes clusters.
  • Falco is an open-source project for runtime security that has become the de facto standard for Kubernetes security.
  • Capabilities in Kubernetes can create a gray area in security monitoring, and Falco can be extended to monitor capabilities and detect potential malicious behavior.
  • The presenters created two rules using Falco to detect excessive capabilities in new containers and modifications to the release agent file.
  • Falco only monitors runtime security and does not consider configuration changes in the YAML files.
  • Falco can be deployed on Kubernetes using official charts and packages.
Authors: Furkan Türkal, Emin Aktaş
2022-05-20

tldr - powered by Generative AI

The presentation discusses the threats and security pipeline in Kubernetes environments, with a focus on audit logs, runtime security, log processing, and monitoring. The use of open source projects such as Falco and Filebeat is highlighted.
  • Kubernetes audit records actions and provides an audit trail of users and workloads
  • Falco collects logs from the kernel and focuses on threat hunting
  • Filebeat is a general purpose log processor with metrics collection capabilities
  • The data pipeline involves input, parsing, filtering, buffering, and routing
  • Using Filebeat allows for easy modification of events and logs according to business requirements
Authors: Omid Azizi, Matthew LeRay
2022-05-19

tldr - powered by Generative AI

The presentation discusses the use of Pixie and Kubernetes in DevOps to improve pipeline management and prevent production app failures.
  • Pixie and Kubernetes can be used to extract traffic data and generate curl scripts for testing and load testing.
  • GitHub Actions can be used to automate the deployment of services and run curl commands against them to prevent production app failures.
  • Pixie and Kubernetes can also be used to monitor and optimize service performance.
  • The presentation provides anecdotes and examples to illustrate the use of Pixie and Kubernetes in DevOps.
Authors: Shay Berkovich
2022-05-18

tldr - powered by Generative AI

The presentation discusses how to bypass the default Falco ruleset and compromise a cluster without tripping the SOC.
  • Container security can be divided into four areas: cluster security, pre-deployment, post-deployment, and host security.
  • Falco is a runtime detection tool built on top of kernel modules or eBPF sensors.
  • The presentation highlights various techniques to bypass the default Falco ruleset, including syntactical comparison, regex bypass, and sensitive mount bypass.
  • The presenter introduces a special container image and code snippets built specifically for Falco bypasses.
  • The presentation demonstrates how an attacker can achieve full cluster compromise without tripping the SOC using the techniques discussed.
  • The presenter uses a demo setup with the GKE cluster and the securekubernetes cluster to illustrate the attack scenarios.
Authors: Leonardo Grasso, Jason Dellaluce
2022-05-18

This track will walk you through the astonishing things happening in Falco: a cloud-native runtime security project, the de facto Kubernetes threat detection engine. Two core maintainers, Jason and Leonardo, will give you a practical overview of Falco and its history but also updates on recently introduced features and the evolution of its ecosystem. This talk will deep dive into a new and very amazing feature introduced in Falco: the plugin system! Plugins are a game-changer, making Falco evolve to the next level: the all-in-one tool for cloud security and this maintainer track will show you how!