Sharing is caring, or whatever…
«The cloud-native ecosystem typically has the four C’s of cloud security: cloud, clusters, containers and code. Each layer builds on the next and insecurities at any layer can impact the layers that follow, such as applications deployed on insecure containers.» Csoonline sais.
Scan them with, e.g., Open-source options such as Anchore and Trivvy during or before deployment.
Among the banned companies are the consumer oriented Huawei and now Xiaomi. Read the lists from DOD.
…it is hard to imagine how to protect. Ref US-Cert and Fireeye blog for more.
And here are some countermeasures for those who like on Github.
Never a bad time to be reminded of a good old TLS flow explanation.
This look like fun, will try it this weekend I guess. May replace my packet capture Android app. Check out HTTP toolkit for Android.
Like all of us(?) adversaries love open source. May we learn from each other..
Check out this zdnet article.
Or check what Paul Litvak compiled all tools in this map.
ImmuniWeb released a new free tool to test, monitor and measure your website and domain exposure on the Dark Web.
Just tested mine, seems ok.
Not all patterns are as powerful as they might seem, as made clear in this article by NCSC. However, in my opinion they drepends heavily on the context they are (not) implemented.