Conference:  Defcon 31
Authors: Ceri Coburn Red Team Operator & Offensive Security Dev @ Pen Test Partners
2023-08-01

The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix-based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non-standard data to identify its users. MIT/Heimdal Kerberos stacks do not support this non-standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux-based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.
Authors: Sam Stepanyan
2023-02-16

tldr - powered by Generative AI

Nettacker: An Automated Penetration Testing Framework
  • Nettacker is a free and open-source automated reconnaissance and penetration testing tool
  • It can scan networks for vulnerabilities, discover expired SSL certificates, and find subdomains hosting vulnerable versions of content management systems
  • Nettacker can be used by both attackers and defenders, and has been helpful for bug bounty research
  • The tool uses YAML modules and is written in Python
  • Nettacker can be automated using GitHub actions and Docker containers
  • Automated scans can be scheduled to run regularly and generate reports as artifacts
Authors: Vincent Batts
2022-10-28

tldr - powered by Generative AI

The presentation discusses the challenges of deploying and managing cloud-native applications in a Linux environment, and the various tools and distributions available to address these challenges.
  • Linux's malleability makes it a good target for deploying cloud-native applications, but also leads to confusion and inconsistency
  • Managing package dependencies and ensuring consistency across different distributions is a major challenge
  • Artisanal changes made to deployments can lead to security vulnerabilities and make it difficult to track changes
  • Various tools and distributions, such as Kubernetes, Fedora CoreOS, and Bottlerocket, are available to address these challenges
Authors: Amim Knabben, Xinqi Li
2022-10-27

tldr - powered by Generative AI

The presentation discusses the use of a Sonobuoy plugin to run Windows operational readiness tests in Kubernetes clusters.
  • The Sonobuoy plugin can be used to run Windows operational readiness tests in Kubernetes clusters.
  • The plugin runs inside the cluster instead of running the tests from outside it.
  • The plugin can parse and extract results and give a summary of them.
  • The plugin can be used to publish the latest Sonobuoy image of the project to the upstream GCR bucket.
  • The plugin can be used to bootstrap a Windows cluster locally using Windows Dev tools.
  • The plugin can be integrated with Prow jobs to run the tests and surface the results of changes in the project.
  • The plugin can be used with CAPI (Cluster API) to bring up a new workload cluster in the hybrid view or Windows view.
  • The plugin can be used with runtime extensions and ClusterClass to execute commands or operations in the lifecycle of a cluster.
Authors: Shane Corbett, Wil Reed
2022-10-26

tldr - powered by Generative AI

Lessons learned from misadventures in running a large-scale multi-tenant Kubernetes cluster in production
  • Misapplying Kubernetes concepts to Linux performance rules is a big mistake
  • Thinking in cores can be dangerous, as Linux thinks in time
  • Configuring cores actually converts into time
  • Properly scaling on the right metric can greatly simplify cluster setup and reduce churn
  • Measuring what's going on is necessary to understand best practices for a cluster
  • Prometheus is a good tool for measuring cluster performance
Authors: Stefano Chierici, Lorenzo Susini
2022-10-25

tldr - powered by Generative AI

The presentation discusses how Falco, an open-source project for runtime security, can be extended to monitor capabilities and detect potential malicious behavior in Kubernetes clusters.
  • Falco is an open-source project for runtime security that has become the de facto standard for Kubernetes security.
  • Capabilities in Kubernetes can create a gray area in security monitoring, and Falco can be extended to monitor capabilities and detect potential malicious behavior.
  • The presenters created two rules using Falco to detect excessive capabilities in new containers and modifications to the release agent file.
  • Falco only monitors runtime security and does not consider configuration changes in the YAML files.
  • Falco can be deployed on Kubernetes using official charts and packages.
Authors: Casey Schaufler
2022-09-16

The Simplified Mandatory Access Control Kernel (Smack) Linux security module was introduced in 2008 and is currently used in millions of devices. Unlike SELinux and AppArmor, Smack has never been supported by a major Linux distribution. The greatest barriers to distribution support have been that only one "major" security module can be used at a time and that there has been no example of a Smack rule set to use as a basis for a distribution's policy. In this talk Casey Schaufler, the author of Smack, will describe a new effort to create a reference set of Smack rules and apply it to a major Linux distribution. The talk starts with a description of how Smack rules work and how they differ from SELinux and AppArmor policy. It moves on to cover the threats being addressed and how a "three domain" approach provides the required protection. How a distribution to target was chosen is revealed and what steps are taken to keep the scheme flexible enough to be useful elsewhere. The current state of the effort and the identified challenges are presented. Finally, there will be an invitation for additional participation in the project.
Conference:  ContainerCon 2022
Authors: Phu Tran, Vinay Kulkarni
2022-06-23

tldr - powered by Generative AI

The presentation discusses the use of eBPF technology in achieving CNI networking with Mizar and XDP. The speaker also talks about future plans for enhancing the technology and proposes a formal KEP (Kubernetes Enhancement Proposal).
  • eBPF technology was used to achieve CNI networking with Mizar and XDP without changing any lines of kernel code
  • Future plans include enhancing the technology with a TX hook for XDP, proposing a formal KEP to Kubernetes, and improving performance measurement
  • The speaker also discusses the need for a management plane and multi-tenant networking
  • The presentation includes a demo of the technology using four virtual machines
Conference:  ContainerCon 2022
Authors: Glen Darling
2022-06-23

tldr - powered by Generative AI

Open Horizon is an edge computing platform that uses policy-based autonomous agents to manage fleets of devices. It can handle unreliable networks and has the ability to revert to previous versions of software in case of failure. It also allows for the manual provision of software bill of materials (SBOM) data to avoid deploying risky software.
  • Open Horizon uses policy-based autonomous agents to manage fleets of devices
  • It can handle unreliable networks and has the ability to revert to previous versions of software in case of failure
  • It allows for the manual provision of software bill of materials (SBOM) data to avoid deploying risky software
Authors: Martynas Pumputis, Aditi Ghag
2021-10-15

tldr - powered by Generative AI

Debugging Kubernetes networking issues with eBPF
  • Debugging Kubernetes networking can be difficult due to the complexity of Linux kernel networking
  • Traditional tools like tcpdump and logging-based methods are not sufficient for debugging
  • eBPF can be used to efficiently troubleshoot K8s networking issues
  • Packet inspection across layer 2, layer 3 and policy routing, socket, and so on, regardless of the CNI
  • Real-life examples of K8s networking problems and how they were debugged with eBPF