Skip to content

Pray3r/cloud-native-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 

Repository files navigation

Cloud Native Security

Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc. Pull request welcome.

Intro

2021:"The Zero Trust Security Practice" by Kevin Chen - article, CN

2020:"Cloud Native Security: Container Security Practice" by Pray3r - article, CN

Series of articles: Exploring Container Security by Google - articles

Kernel and architecture

Namespaces in operation by Michael Kerrisk - whitepaper

Control groups series by Neil Brown - whitepaper

2018: KubeCon, CloudNativeCon:"Container Isolation at Scale (Introducing gVisor) by Dawn Chen and Zhengyu He" - slide - video

2018:"A history of low-level Linux container runtimes" by Daniel J. Walsh - article

2015:"The History of Containers" by by thildred - article

2015: LinuxCon:"Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic" by Jérôme Petazzoni - slide

2013:"Resource management: Linux kernel Namespaces and cgroups" by Rami Rosen - slide

Escaping

2020:"Escaping Virtualized Containers" - slide - video

2019:"CVE-2019-5736:runC:Escape from Docker and Kubernetes containers to root on host" - article - exp

2018:"CVE-2017-1002101:kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath" - article - exp

2017:"Escaping Docker container using waitid() – CVE-2017-5123" by Daniel Shapira - article

2016:"Abusing Privileged and Unprivileged Linux Containers" by NCC Group - whitepaper

2015: "Chw00t: How to break out from various chroot solutions" by Balázs Bucsay - slide

2014:"Container escape through open_by_handle_at (shocker exploit)" - vuln - exp

Docker

2017:"Docker Security" by Mika Vatanen - slide

2016:"Docker & Security" by Florian Barth and Matthias Luft - slide

2016: BSides:"Docker: Security Myths, Security Legends" by Rory McCune - video

2015: BlackHat:"Vulnerability Exploitation In Docker Container Environments" by Anthony Bettini - video - slide - whitepaper

Kubernetes

2018:"Hard Multi-Tenancy in Kubernetes by Jessie Frazelle" - article

Hardening

2016:"Understanding and Hardening Linux Containers" by NCC Group - whitepaper

Miscs

2018:"How modern containerization trend is exploited by attackers" - article

2018:"How one of our Kubernetes clusters got pwned Shopify" - article

2015: Defcon 23:"Linux Containers: Future or Fantasy?" by Aaron Grattafiori - video - slide

Tools

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. https://github.com/docker/docker-bench-security

The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices. https://github.com/aquasecurity/kube-bench

Product

Open Policy Agent https://github.com/anderseknert/awesome-opa