Linkbase
28.06.2022
- New for AWS DataSync – Move Data Between AWS and Other Public Locations
- Devtron - tool integration platform for Kubernetes
- HashiCorp Vault 1.11 Adds Kubernetes Secrets Engine, PKI Updates, and More
- Terraform Cloud Adds Drift Detection for Infrastructure Management
- How to manage Kubernetes secrets with GitOps?
- Get Started with Sigstore (Free Course!)
- Introducing Tailscale SSH
- Golang - making code faster
- Talos Linux is a modern Linux distribution built for Kubernetes
- Resoto creates an inventory of your cloud, provides deep visibility, and reacts to changes in your infrastructure
- AWS-Cost-Saver - a tiny CLI tool to help save costs in development environments when you’re asleep and don’t need them
- HTTPLoot - an automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and “loot” secrets out of the client-facing code of sites
- SOCless - serverless security orchestration, automation and response
- Mirrord - by mirroring traffic to and from your machine, mirrord surrounds your local service with a mirror image of its cloud environment
- Learning operating system development using Linux kernel and Raspberry Pi
- Furiko - cloud-native, enterprise-level cron job platform for Kubernetes
- Robusta - open source Kubernetes troubleshooting and automation platform
- Dashy - A self-hostable personal dashboard built for you
- Debugging Kubernetes Pods: Deep Dive
- AWS Controllers for Kubernetes (ACK)
- A quick path to Amazon EKS single sign-on using AWS SSO
- Harden Amazon EKS in minutes with Styra DAS Free and OPA
- CDK constructs for self-hosted GitHub Actions runners
- The CloudSec Engineer Book - coming soon
- Awesome iOS Security
- Sake is a task runner for local and remote hosts
- UTM - virtual machines for iOS and macOS for free, works on M1
- AWS SCP - get more out of service control policies in a multi-account environment
- kubectl-tree - kubectl plugin to browse Kubernetes object hierarchies as a tree
- ggshield - detect secrets in source code, scan git repos, and use pre commit hooks to prevent API key leaks
- Enumeration and lateral movement in GCP environments
- Awesome Azure Penetration Testing
- Enabling AWS IAM Group Access to an EKS Cluster Using RBAC
- Useful utilities and toys over DNS
- Litmus helps SREs and developers practice chaos engineering in a Cloud-native way
- Opencost - cross-cloud cost allocation models for Kubernetes workloads
- Amazon EKS Blueprints for Terraform
- Complete Practical Study Plan to become a successful cybersecurity engineer
- ifto - a simple debugging module for AWS Lambda (λ) timeout
- Trunk Check - code quality checking
- Monitoring and alerting break-glass access in an AWS Organization
- Securing Cloud Services against Squatting Attacks
- Dockerfile best practices
- The Hitchhiker’s Guide to Pod Security - Lachlan Evenson, Microsoft
- Terraform as part of the software supply chain, Part 1 - Modules and Providers
- Batnoter - an open source, markdown-based, self-hosted note taking webapp
- How to Store an SSH Key on a Yubikey
- ugit - helps undo git commands, your damage control git buddy
- Malcolm - a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs
- Tailscale tricks for security testers
- SSH No Ports - provides SSH to a remote Linux device without that device having any ports open
- Dragonfly - a modern replacement for Redis and Memcached
31.05.2022
- Tailscale Authentication for NGINX
- Kubent - easily check your clusters for use of deprecated APIs
- How to control access to AWS resources based on AWS account, OU, or organization
- Using AWS Load Balancer Controller for blue/green deployment, canary deployment and A/B testing
- Experience Report: 6 months of Go
- Introducing SWIFT on Google Cloud
- Disabling Security Hub controls in a multi-account environment
- AWS Well-Architected Labs > Security
- ChopChop - a CLI that helps developers scan endpoints and identify exposure of sensitive services/files/folders
- RFC 9116 - A File Format to Aid in Security Vulnerability Disclosure - security.txt
- The Bug Hunter’s Methodology: Application Hacking v1
- PORO - scan publicly accessible assets on your AWS cloud environment
- Tools That Use AWS Logs to Help with Least Privilege
- Bidirectionally integrate AWS Security Hub with Jira software
- Get Good At Git
- Progressive Delivery with Argo Rollouts : Blue-Green Deployment
- Security reference architecture for a serverless application
- AWS Security Maturity Model
- Securing AWS Lambda function URLs
- Software Supply-Chain Security Reading List
- Aztfy - a tool to bring existing Azure resources under Terraform’s management
- Korb - move Kubernetes PVCs between Storage Classes and Namespaces
- Administer AWS Single Sign-On from a delegated member account in your organization
- How to use new Amazon GuardDuty EKS Protection findings
- Level up Security Management with HashiCorp Vault and Flux
- Building a Data Perimeter on AWS
- Ratchet - a tool for securing CI/CD workflows with version pinning
- Kubectl-ICE - view running kubernetes information about multi-container pods and sidecars
- Announcing policy guardrails for Terraform on Google Cloud CLI preview
- Demystifying the Kubernetes Iceberg: Part 1
- Flux from End-to-End
- Forgit - a utility tool powered by fzf for using git interactively
- Grype - a vulnerability scanner for container images and filesystems
- Cloud Native Security Whitepaper
- Cloud Native Maturity Model 2.0
- Tetragon - eBPF-based Security Observability and Runtime Enforcement
- Track costs with detailed billing reports for Amazon EKS on AWS Fargate
- Automate All the Boring Kubernetes Operations with Python
- Getting started with ko: A fast container image builder for your Go applications
- The differences between Docker, containerd, CRI-O and runc
- Announcing the HCL Extension for Visual Studio Code 0.1
- Terraform Best Practices for Better Infrastructure Management
- Secure Your Docker Images With Cosign (and OPA Gatekeeper)
07.05.2022
- GitHub CLI extension to display a dashboard of PRs and issues - configurable with a beautiful UI
- GitOps Article Series from Giant Swarm
- The secret gems behind building container images, Enter: BuildKit & Docker Buildx
- Dagger - A portable devkit for CI/CD pipelines
- Automated Dependency Updates for Flux using Renovate
- Terraform: Up & Running, 3rd edition Early Release is now available! How Terraform changed with 1.1?
- Visualize Flux with ArgoCD
- Announcing AWS Lambda Function URLs: Built-in HTTPS Endpoints for Single-Function Microservices
- Cado Discovers Denonia: The First Malware Specifically Targeting Lambda
- Incident report: From CLI to console, chasing an attacker in AWS
- Slides and code samples for training, tutorials, and workshops about Docker, containers, and Kubernetes
- Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services
- A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges
- Introducing AWS Blueprints for Crossplane
- Migrating from Cluster Autoscaler To Karpenter
- ArgoCD Best Practices You Should Know
- Getting Started With Kyverno
- Security List - Curated lists of tools, tips and resources for protecting digital security and privacy
- Android App Hacking Workshop From Google
- Docker Slim - generate smaller images
- Parca - Continuous profiling for analysis of CPU and memory usage, down to the line number and throughout time
- How to get started with OrgFormation - managing AWS Organization
- Go - when to use generics
- A Deep Dive into Golang for OpenFaaS Functions
- Testing your Infrastructure as Code using Terratest
- Security Overview of AWS Fargate
- Where’s my stuff on GCP?
- Implementing Cloud Governance as a Code using Cloud Custodian
- Warpgate - Smart SSH bastion that works with any SSH client
- Bootstrapping clusters with EKS Blueprints
- Go, Generics, and Concurrency
- The Go Programming Language and Environment
- Certified Kubernetes Security Specialist (CKS) 2022 Exam Guide
12.04.2022
- Digital Forensics & Incident Response on Kubernetes
- What to look for when reviewing a company’s infrastructure
- Diff that understands syntax
- Compose with Markdown in Google Docs on web - after 16 years
- Managing Pod Scheduling Constraints and Groupless Node Upgrades with Karpenter in Amazon EKS
- Kubectl plugin for detecting Dockershim usage which is being removed
- Kubernetes Infrastructure the GitOps Way
- Charm - we build tools to make the command line glamorous
- Kaar - Kubernetes Application Archive
- SA-Hunter - correlates serviceaccounts, pods and nodes to the permissions granted to them via rolebindings and clusterrolesbindings
- A curated checklist of 300+ tips for protecting digital security and privacy in 2022
- The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts
- TruffleHog v3 - improved secrets detection
- Find and fight image theft
- PacketStreamer - distributed tcpdump for cloud native environments
- Kubernetes native testing with TestKube
06.04.2022
- Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- Learn anything with Mind-Maps
- Lazygit
- Hacking The Cloud - CICD/GitLab/AWS/CTF
- How To Burp Good
- Network Infrastructure Security Guidance by NSA
- Magic Eraser - remove unwanted things from images in seconds
- AWS - Automated Incident Response and Forensics Framework
- BotKube - messaging bot for monitoring and debugging Kubernetes clusters
- AWS Controllers for Kubernetes (ACK) lets you define and use AWS service resources directly from Kubernetes
- Kubernetes Security through GitOps Best Practices: ArgoCD and Starboard
- Your pocket-sized cloud with a Raspberry Pi
- 10 Must-Have Kubernetes Tools
- Why We Selected Thanos for Long Term Metrics Storage
- How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects
- Fantastic AWS Hacks and Where to Find Them
- Access Undenied - parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps
22.03.2022
- 10 real stories of how CI/CD was hacked
- Threat matrix for CI/CD: how you can be attacked at each stage
- Notify on manual AWS actions by monitoring CloudTrail
- Monitoring Kubernetes x509 certificates with Prometheus
- How to integrate AWS IAM and Google Workspace
- Starboard - Kubernetes-native Security Toolkit
- Operator to provision Wireguard VPN in a Kubernetes Cluster
- Container Security Checklist
- Identify privilege escalation paths within and across different clouds
- Awesome collection of awesome security hardening guides, tools and other resources
17.02.2022
Free Labs To Learn Cloud Pentesting:
- Flaws
- Flaws2
- Serverless Goat
- AWS S3 CTF Challenge
- AWS Vulnerable Lambda
- Lambhack
- IAM Vulnerable
- CloudGoat
- Attacking CloudGoat 2
- Damn Vulnerable Cloud Application
- Damn Vulnerable Serverless Application
- Sadcloud
- Breaking and Pwning Apps and Servers on AWS and Azure - Free Training Courseware and Labs
Others:
- Manage many Git repositories with sanity
- A GitOps Terraform controller for Kubernetes
- An implementation of infrastructure-as-code scanning using dynamic tooling: by deploying IaC (Terraform HCL in this case) against an instance of LocalStack and then pointing the tools at LocalStack, scanning/testing can identify risks before they reach production infrastructure
- Terraform + GitHub + AWS + OIDC
- Access Kubernetes via OIDC e.g. Keycloak
- OpsGenie in Grafana
- Validate GitHub Actions YAML files
- AWS ECR Docker Credentials Helper
- A command-line pager for JSON data - user-friendly jq
- k9 for Docker
- Kubernetes Security Training Platform
- ValidKube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security
- Hello World GitOps
- Incident Analysis 101
- The Delivery Hero Reliability Manifesto
- Startup Guide To Incident Management
31.01.2022
- IaC security scanning: why, flaws, etc.
- Free workshops for AWS security services
- EKS + Crossplane + Flux on AWS
- Watchexec - simple, standalone tool that watches a path and runs a command whenever it detects modifications
- Swimm - Documentation as Code
- Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana
- Self-hosted infrastructure, fully automated from empty disk to operating services
- The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss
- DevOps The Hard Way - AWS
- IAM on EKS done right
- Comparing two methods for integrating Vault with Kubernetes
30.12.2021
- This page lists security mistakes by cloud service providers (AWS, GCP, and Azure)
- Kubernetes autoscaler that aims to scale using machine learning
- DevOps Guru for RDS
- AWS re:Invent summary on one page
- Awesome Kubernetes Security
- Falco on Kubernetes - basics
- Zero Trust Architecture (Envoy, SPIRE, OPA)
- How To Make IAM Right
- GCP & Terraform - short-lived credentials
- Honest AWS Dashboard
- Improve your security posture on Windows/MacOS using prepared scripts
- SNARE, a Netflix automated security solution
- CloudQuery policies give you a powerful way to automate, customize, codify, and run your cloud security & compliance continuously with HCL and SQL
- Argo vs Flux
- What happens after Kubernetes upgrade to 1.24 (Dockershim removal)
- Istio + OIDC
- Go, lessons learned
- Thoughts on how to structure Go code
- The Busy Developer’s Guide to Go Profiling, Tracing and Observability
- Rundown on Netflix SRE practices
- Upcoming trends in DevOps and SRE
- The API traffic viewer for Kubernetes, think TCPDump for Kubernetes
- Pleco - automatically removes Cloud managed services and Kubernetes resources based on tags with TTL
- Chezmoi - dotfile manager