Linkbase

28.06.2022

• New for AWS DataSync – Move Data Between AWS and Other Public Locations
• Devtron - tool integration platform for Kubernetes
• HashiCorp Vault 1.11 Adds Kubernetes Secrets Engine, PKI Updates, and More
• Terraform Cloud Adds Drift Detection for Infrastructure Management
• How to manage Kubernetes secrets with GitOps?
• Get Started with Sigstore (Free Course!)
• Introducing Tailscale SSH
• Golang - making code faster
• Talos Linux is a modern Linux distribution built for Kubernetes
• Resoto creates an inventory of your cloud, provides deep visibility, and reacts to changes in your infrastructure
• AWS-Cost-Saver - a tiny CLI tool to help save costs in development environments when you’re asleep and don’t need them
• HTTPLoot - an automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and “loot” secrets out of the client-facing code of sites
• SOCless - serverless security orchestration, automation and response
• Mirrord - by mirroring traffic to and from your machine, mirrord surrounds your local service with a mirror image of its cloud environment
• Learning operating system development using Linux kernel and Raspberry Pi
• Furiko - cloud-native, enterprise-level cron job platform for Kubernetes
• Robusta - open source Kubernetes troubleshooting and automation platform
• Dashy - A self-hostable personal dashboard built for you
• Debugging Kubernetes Pods: Deep Dive
• AWS Controllers for Kubernetes (ACK)
• A quick path to Amazon EKS single sign-on using AWS SSO
• Harden Amazon EKS in minutes with Styra DAS Free and OPA
• CDK constructs for self-hosted GitHub Actions runners
• The CloudSec Engineer Book - coming soon
• Awesome iOS Security
• Sake is a task runner for local and remote hosts
• UTM - virtual machines for iOS and macOS for free, works on M1
• AWS SCP - get more out of service control policies in a multi-account environment
• kubectl-tree - kubectl plugin to browse Kubernetes object hierarchies as a tree
• ggshield - detect secrets in source code, scan git repos, and use pre commit hooks to prevent API key leaks
• Enumeration and lateral movement in GCP environments
• Awesome Azure Penetration Testing
• Enabling AWS IAM Group Access to an EKS Cluster Using RBAC
• Useful utilities and toys over DNS
• Litmus helps SREs and developers practice chaos engineering in a Cloud-native way
• Opencost - cross-cloud cost allocation models for Kubernetes workloads
• Amazon EKS Blueprints for Terraform
• Complete Practical Study Plan to become a successful cybersecurity engineer
• ifto - a simple debugging module for AWS Lambda (λ) timeout
• Trunk Check - code quality checking
• MONITORING AND ALERTING BREAK-GLASS ACCESS IN AN AWS ORGANIZATION
• Securing Cloud Services against Squatting Attacks
• Dockerfile best practices
• The Hitchhiker’s Guide to Pod Security - Lachlan Evenson, Microsoft
• Terraform as part of the software supply chain, Part 1 - Modules and Providers
• Batnoter- an open source, markdown-based, self-hosted note taking webapp
• How to Store an SSH Key on a Yubikey
• ugit - helps undo git commands, your damage control git buddy
• Malcolm - is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs
• Tailscale tricks for security testers
• SSH No Ports - provides ssh to a remote Linux device with out that device having any ports open
• Dragonfly - a modern replacement for Redis and Memcached

31.05.2022

• Tailscale Authentication for NGINX
• Kubent - easily check your clusters for use of deprecated APIs
• How to control access to AWS resources based on AWS account, OU, or organization
• Using AWS Load Balancer Controller for blue/green deployment, canary deployment and A/B testing
• Experience Report: 6 months of Go
• Introducing SWIFT on Google Cloud
• Disabling Security Hub controls in a multi-account environment
• AWS Well-Architected Labs > Security
• ChopChop - is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders
• RFC 9116 - A File Format to Aid in Security Vulnerability Disclosure - security.txt
• The Bug Hunter’s Methodology: Application Hacking v1
• PORO - scan publicly accessible assets on your AWS cloud environment
• Tools That Use AWS Logs to Help with Least Privilege
• Bidirectionally integrate AWS Security Hub with Jira software
• Get Good At Git
• Progressive Delivery with Argo Rollouts : Blue-Green Deployment
• Security reference architecture for a serverless application
• AWS Security Maturity Model
• Securing AWS Lambda function URLs
• Software Supply-Chain Security Reading List
• Aztfy - a tool to bring existing Azure resources under Terraform’s management
• Korb - move Kubernetes PVCs between Storage Classes and Namespaces
• Administer AWS Single Sign-On from a delegated member account in your organization
• How to use new Amazon GuardDuty EKS Protection findings
• Level up Security Management with HashiCorp Vault and Flux
• Building a Data Perimeter on AWS
• Ratchet - a tool for securing CI/CD workflows with version pinning
• Kubectl-ICE - view running kubernetes information about multi-container pods and sidecars
• Announcing policy guardrails for Terraform on Google Cloud CLI preview
• Demystifying the Kubernetes Iceberg: Part 1
• Flux from End-to-End
• Forgit - a utility tool powered by fzf for using git interactively
• Grype - a vulnerability scanner for container images and filesystems
• Cloud Native Security Whitepaper
• Cloud Native Maturity Model 2.0
• Tetragon - eBPF-based Security Observability and Runtime Enforcement
• Track costs with detailed billing reports for Amazon EKS on AWS Fargate
• Automate All the Boring Kubernetes Operations with Python
• Getting started with ko: A fast container image builder for your Go applications
• The differences between Docker, containerd, CRI-O and runc
• Announcing the HCL Extension for Visual Studio Code 0.1
• Terraform Best Practices for Better Infrastructure Management
• Secure Your Docker Images With Cosign (and OPA Gatekeeper)

07.05.2022

• GitHub CLI extension to display a dashboard of PRs and issues - configurable with a beautiful UI
• GitOps Article Series from Giant Swarm
• The secret gems behind building container images, Enter: BuildKit & Docker Buildx
• Dagger - A portable devkit for CI/CD pipelines
• Automated Dependency Updates for Flux using Renovate
• Terraform: Up & Running, 3rd edition Early Release is now available! How Terraform changed with 1.1?
• Visualize Flux with ArgoCD
• Announcing AWS Lambda Function URLs: Built-in HTTPS Endpoints for Single-Function Microservices
• Cado Discovers Denonia: The First Malware Specifically Targeting Lambda
• Incident report: From CLI to console, chasing an attacker in AWS
• Slides and code samples for training, tutorials, and workshops about Docker, containers, and Kubernetes
• Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services
• A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges
• Introducing AWS Blueprints for Crossplane
• Migrating from Cluster Autoscaler To Karpenter
• ArgoCD Best Practices You Should Know
• Getting Started With Kyverno
• Security List - Curated lists of tools, tips and resources for protecting digital security and privacy
• Android App Hacking Workshop From Google
• Docker Slim - generate smaller images
• Parca - Continuous profiling for analysis of CPU and memory usage, down to the line number and throughout time
• How to get started with OrgFormation - managing AWS Organization
• Go - when to use generic
• A Deep Dive into Golang for OpenFaaS Functions
• Testing your Infrastructure as Code using Terratest
• Security Overview of AWS Fargate
• Where’s my stuff on GCP?
• Implementing Cloud Governance as a Code using Cloud Custodian
• Warpgate - Smart SSH bastion that works with any SSH client
• Bootstrapping clusters with EKS Blueprints
• Go, Generics, and Concurrency
• The Go Programming Language and Environment
• Certified Kubernetes Security Specialist (CKS) 2022 Exam Guide

12.04.2022

• Digital Forensics & Incident Response on Kubernetes
• What to look for when reviewing a company’s infrastructure
• Diff that understands syntax
• Compose with Markdown in Google Docs on web - after 16 years
• Managing Pod Scheduling Constraints and Groupless Node Upgrades with Karpenter in Amazon EKS
• Kubectl plugin for detecting Dockershim usage which is being removed
• Kubernetes Infrastructure the GitOps Way
• Charm - we build tools to make the command line glamorous
• Kaar - Kubernetes Application Archive
• SA-Hunter - correlates serviceaccounts, pods and nodes to the permissions granted to them via rolebindings and clusterrolesbindings
• A curated checklist of 300+ tips for protecting digital security and privacy in 2022
• The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts
• TruffleHog v3 - improved secrets detection
• Find and fight image theft
• PacketStreamer - distributed tcpdump for cloud native environments
• Kubernetes native testing with TestKube

06.04.2022

• Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
• Learn anything with Mind-Maps
• Lazygit
• Hacking The Cloud - CICD/GitLab/AWS/CTF
• How To Burp Good
• Network Infrastructure Security Guidance by NSA
• Magic Eraser - remove unwanted things from images in seconds
• AWS - Automated Incident Response and Forensics Framework
• BotKube - messaging bot for monitoring and debugging Kubernetes clusters
• AWS Controllers for Kubernetes (ACK) lets you define and use AWS service resources directly from Kubernetes
• Kubernetes Security through GitOps Best Practices: ArgoCD and Starboard
• Your pocket-sized cloud with a Raspberry Pi
• 10 Must-Have Kubernetes Tools
• Why We Selected Thanos for Long Term Metrics Storage
• How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects
• Fantastic AWS Hacks and Where to Find Them
• Access Undenied - Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps

22.03.2022

• 10 real stories, how CI/CD was hacked
• Threat matrix for CI/CD, how can they attack you on each stage
• Notify on AWS manual actions taken by monitoring CloudTrail
• Monitoring Kubernetes x509 certificates with Prometheus
• How to integrate AWS IAM and Google Workspace
• Starboard - Kubernetes-native Security Toolkit
• Operator to provision Wireguard VPN in a Kubernetes Cluster
• Container Security Checklist
• Identify privilege escalation paths within and across different clouds
• Awesome collection of awesome security hardening guides, tools and other resources

17.02.2022

Free Labs To Learn Cloud Pentesting:

• Flaws
• Flaws2
• Serverless Goat
• AWS S3 CTF Challenge
• AWS Vulnerable Lambda
• Lambhack
• IAM Vulnerable
• CloudGoat
• Attacking CloudGoat 2
• Damn Vulnerable Cloud Application
• Damn Vulnerable Serverless Application
• Sadcloud
• Breaking and Pwning Apps and Servers on AWS and Azure - Free Training Courseware and Labs

Others:

• Manage many Git repositories with sanity
• A GitOps Terraform controller for Kubernetes
• An implementation of infrastructure-as-code scanning using dynamic tooling. However, by deploying IaC (Terraform HCL in this case) against an instance of LocalStack, then pointing the tools at LocalStack, we can still perform scanning/testing to identify risks before they make it to production infrastructure
• Terraform + GitHub + AWS + OIDC
• Access Kubernetes via OIDC e.g. Keycloak
• OpsGenie in Grafana
• Validate GihubAction YAMLs
• AWS ECR Docker Credentials Helper
• A command-line pager for JSON data. User friendly JQ
• k9 for Docker
• Kubernetes Security Training Platform
• ValidKube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security
• Hello World GitOps
• Incident Analysis 101
• The Delivery Hero Reliability Manifesto
• Startup Guide To Incident Management

31.01.2022

• IaaC security scanning, why, flaws, etc.
• Free workshops for AWS security services
• EKS + Crossplane + Flux on AWS
• Watchexec - simple, standalone tool that watches a path and runs a command whenever it detects modifications
• Swimm - Documentation as a Code
• Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana
• Self-hosted infrastructure, fully automated from empty disk to operating services
• The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss
• DevOps The Hard Way - AWS
• IAM on EKS done right
• Comparing two methods for integrating Vault with Kubernetes

30.12.2021

• This page lists security mistakes by cloud service providers (AWS, GCP, and Azure)
• Kubernetes autoscaler, that aims to scale using machine learning
• DevOps Guru for RDS
• AWS re:Invent summary on one page
• Awesome Kubernetes Security
• Falco on Kubernetes - basics
• Zero Trust Architecture (Envoy, SPIRE, OPA)
• How To Make IAM Right
• GCP & Terraform - short-lived credentials
• Honest AWS Dashboard
• Improve your security posture on Windows/MacOS using prepared scripts
• SNARE, a Netflix automated security solution
• CloudQuery policies gives you a powerful way to automate, customize, codify, and run your cloud security & compliance continuously with HCL and SQL
• Argo vs Flux
• What happens after Kubernetes upgrade to 1.24 (Dockershim removal)
• Istio + OIDC
• Go, lessons learned
• Thoughts on how to structure Go code
• The Busy Developer’s Guide to Go Profiling, Tracing and Observability
• Rundown on Netflix SRE practices
• Upcoming trends in DevOps and SRE
• The API traffic viewer for Kubernetes, think TCPDump for Kubernetes
• Pleco - automatically removes Cloud managed services and Kubernetes resources based on tags with TTL
• Chezmoi - dotfile manager