Evaluating container security with ATT&CK Framework

•Télécharger en tant que PPTX, PDF•

0 j'aime•145 vues

Containers have been crucial in helping organizations orchestrate their infrastructure requirements. The scalability and reproducibility aspects of containerized environments have enabled applications and web components to be deployed seamlessly in the cloud. While containers have multiple benefits, they also come with distinct security issues, resulting in attackers gaining access to the container, the host, and eventually the data. The first step towards implementing Container Runtime Security is to understand the current threat scenarios and adversary trends affecting the cloud containers. To aptly evaluate the container threat landscape in any environment, an attack matrix should be formulated to ensure that relevant techniques and tactic are identified for every attack stage. The ATT&CK framework from MITRE has been a go-to framework to formulate a threat matrix, identify an adversary’s tactics and methods/techniques used to attain their end game of privilege escalation or data exfiltration. This presentation is targeted towards: Today’s container runtime security landscape Apply ATT&CK methodology on the container runtime environment Provide a practical approach towards attack surface, scenarios, and attack trends Validations and Security Best Practices

Technologie

EVALUATING CONTAINER
SECURITY WITH ATT&CK
FRAMEWORK
• Sandeep Jayashankar • Nov 2020

EVALUATIN
G
CONTAINER
SECURITY
WITH
ATT&CK
FRAMEWOR
K
Containers
•Current Tech Landscape
•Vuln Timeline
•Most Recent Vulnerabilities
•Misconfiguration Attacks
Container Runtime Challenges
ATT&CK for Containers
•Introduction
•Use Cases
•Threat Matrix
Practical approach to ATT&CK
Conclusion

CONTAINERS – MOST RECENT VULNERABILITIES
CVE-2020-
2121
Jenkins Kubernetes
Engine plugin
Remote Code
Execution with
arbitrary installs
https://www.tigera.io/blog/kubernetes-q3-2020-threats-exploits-and-ttps/
https://sysdig.com/blog/falco-cve-2020-8566-ceph/
https://sysdig.com/blog/cve-2020-8563-vsphere-credentials-cloud-controller-
manager/
CVE-2020-
14386
Linux Kernel
Privilege Escalation
due to packet
socket memory
corruption
CVE-2020-
8563
CVE-2020-
8558
kube-controller-
manager vSphere
credential leak
Ceph cluster
adminSecrets
exposed when
logLevel >=4

CONTAINERS – MISCONFIG ATTACKS
https://jarv.is/notes/shodan-search-queries/
Exposed Containers
Including Public Containers
Using Privileged Containers
https://containerjournal.com/topics/container-security/why-running-a-privileged-container-is-not-a-good

ATT&CK FOR CONTAINERS - INTRODUCTION
• Adversarial Tactics, Techniques, And Common Knowledge
• Understand Adversary Behavior using Threat Matrix
• Defines Tactics, Techniques, and Procedures (TTPs)
© 2020 PAYPAL INC. CONFIDENTIAL AND PROPRIETARY.
Cloud Matrix: https://attack.mitre.org/matrices/enterprise/cloud/gcp/
Advanced Persistent Threat
Group

ATT&CK FOR CONTAINERS – USE CASES
https://attack.mitre.org/docs/training-cti/CTI%20Workshop%20Full%20Slides.pdf

ATT&CK FOR CONTAINERS – THREAT MAP
Initial Access : Adversary exploits an application
vulnerability and gains initial access to a container.
Execution: Adversary gets SSH credentials and connects
to the service.
Privilege Escalation: Adversary utilizes privileged
container misconfiguration to gain total control of container.
Defense Evasion: Adversary deletes container logs to
hide their footprints.
Credential Access: Adversary finds application
credentials in configuration or log files.
Lateral Movement: Adversary mounts writeable
volumes of the host
Impact: Adversary utilizes the host to mine cryptocurrencies
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
Adversary Emulation

CONCLUSION
Identify adversary
behavior
Translate behavior into
TTPs
Map data in a visualized
manner
Plan mitigations based
mapped data
Common Knowledge
helps educate
developers, security
personnel and system
administrators

Contenu connexe

Tendances

Outpost24 webinar mastering container security in modern day dev ops

Outpost24

Serverless means handing off server management to the cloud platforms – along with their security risks. With the “pros” ensuring our servers are patched, what’s left for application owners to protect? As it turns out, quite a lot. This talk discusses the aspects of security serverless doesn’t solve, the problems it could make worse, and the tools and practices you can use to keep yourself safe. Required audience experience Basic knowledge of how FaaS and Serverless works Objective of the talk As many companies explore the world of serverless, it’s important they understand the aspects of security this new world helps them with, and the ones they need to care more about. This talk will provide a framework to understand how to prioritise and approach security for Serverless apps.

Serverless Security: What's Left To Protect

Guy Podjarny

Even though many organizations claim that security is a priority, that claim doesn’t always translate into supporting security initiatives in software development or test. Security code reviews often are overlooked or avoided, and when development schedules fall behind, security testing may be dropped to help the team “catch up.” Everyone wants more secure development; they just don’t want to spend time or money to get it. Gene Gotimer describes his experiences with implementing a continuous delivery process in the cloud and how he integrated security testing into that process. Gene discusses how to take advantage of the automated provisioning and automated deploys already being implemented to give more opportunities along the way for security testing without schedule disruption. Learn how you can incrementally mature a practice to build security into the process—without a large-scale, time-consuming, or costly effort.

Better Security Testing: Using the Cloud and Continuous Delivery

Gene Gotimer

As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

Secure Application Development in the Age of Continuous Delivery

Black Duck by Synopsys

As presented at OpenShift Commons Sept 8, 2016. Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and associated network defenses. Since those defenses are reactive to application issues attackers choose to exploit, it’s critical to have visibility into both what is in your container library, but also what the current state of vulnerability activity might be. Current vulnerability information for container images can readily be obtained by using the scan action on Atomic hosts in your OpenShift Container Platform. In this session we’ll cover how an issue becomes a disclosed vulnerability, how to determine the risk associated with your container usage, and potential mitigation patterns you might choose to utilize to limit any potential scope of compromise.

The How and Why of Container Vulnerability Management

Tim Mackey

Monitoring & Securing Microservices in Kubernetes

Michael Ducy

DevSecOps | DevOps Sec

Rubal Jain

Containers and Microservices have radically changed how you get visibility into your applications. As developers have started to leverage orchestration systems on top of containers, the game is changing yet again. What was a simple application on a host before is now a sophisticated, dynamically orchestrated, multi-container architecture. It’s amazing for development - but introduces a whole new set of challenges for monitoring and visibility. In this talk we’ll lay out five key principles for monitoring microservices and the containers they are based on. These principles take into account the operational difference of containers and microservices when compared to traditional architectures. This talk is for the operator that needs to help development teams understand how visibility of apps has changed, and help teams implement these ideas. You’ll walk away with a good understanding of the challenges of monitoring microservices and how you can set your team up for success.

Principles of Monitoring Microservices

Michael Ducy

Presented on September 22, 2016 by Brent Baude, Principle Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption. The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present. In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn: • Why container environments present new application security challenges, including those posed by ever-increasing open source use. • How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities. • Best practices and methodologies for deploying secure containers with trust and confidence.

Contain your risk: Deploy secure containers with trust and confidence

Black Duck by Synopsys

Humla workshop on Android Security Testing by Sai Sathya narayan Venkatraman, MWR Infosecurity This workshop gives you hands on experience in identifying and exploiting the latest categories of vulnerabilities against modern Android applications based on real world examples. You’ll use the latest testing tools to assess, unravel and exploit applications, and learn about vulnerability classes unique to Android. You will learn:- -To analyze applications from an attacker’s perspective. - Basic understanding of the latest attack vectors against Android applications - To perform black box security assessments against real world applications using the latest and widely used tools more info here http://www.meetup.com/Null-Singapore-The-Open-Security-Community/events/229931768/

Humla workshop on Android Security Testing - null Singapore

n|u - The Open Security Community

Web & Cloud Security in the real world

Madhu Akula

Aleksei Dremin - Application Security Pipeline - phdays9

Alexey Dremin

Securing Apache Web Servers

Information Technology

Some of the very things that make JavaScript awesome can also leave it exposed. Guy Podjarny and Danny Grander walk through some sample security flaws unique to Node’s async nature and surrounding ecosystem (or especially relevant to it)—e.g., memory leaks via the buffer object, ReDoS and other algorithmic DoS attacks (which impact Node due to its single-threaded nature), and timing attacks leveraging the EventLoop—and show how these could occur in your own code or in npm dependencies.

Secure Node Code (workshop, O'Reilly Security)

Guy Podjarny

[OWASP Poland Day] A study of Electron security

OWASP

V brownbag sept-14-2016

Anthony Chow

In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers. Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow. I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.

Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...

Christian Schneider

"This workshop is for pentesters, security researchers or someone looking to get into IoT security but is reluctant due to the wide range of technologies involved and plethora of different tools. While it does require a considerable amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to some of the important concepts and EXPLIoT framework in a very simple way that can be used for the various IoT attack vectors. The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing and Exploitation Framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use as well as extend it by writing plugins for new IoT based exploits and analysis test cases. It’s a flexible and extendable framework that would help the security community in writing quick IoT test cases and exploits. The objectives of the framework are: 1. Easy to use 2. Extendable 3. Support for hardware, radio and IoT protocol analysis EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits: 1. Radio – BLE , Zigbee 2. Network – MQTT, CoAP, DICOM, MODBUS, MDNS, NMAP, TCP, UDP 3. Hardware – CAN, SPI, I2C, UART, JTAG This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework."

Hacking IoT with EXPLIoT Framework

Priyanka Aash

The continuous delivery pipeline is the process of taking new or changed features from developers, and getting features deployed into production and delivered quickly to the customer. Gene Gotimer says testing within continuous delivery pipelines should be designed so the earliest tests are the quickest and easiest to run, giving developers the fastest feedback. Successive rounds of testing lead to increased confidence that the code is a viable candidate for production and that more expensive tests—time, effort, cost—are justified. Manual testing is performed toward the end of the pipeline, leaving computers to do as much work as possible before people get involved. Although it is tempting to arrange the delivery pipeline in phases (e.g., functional tests, then acceptance tests, then load and performance tests, then security tests), this can lead to serious problems progressing far down the pipeline before they are caught. Gene shows how to arrange your tests so each round provides just enough testing to give you confidence that the next set of tests is worth the investment. He explores how to get the right types of testing into your pipeline at the right points.

Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper

Gene Gotimer

As delivered at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

Secure Application Development in the Age of Continuous Delivery

Tim Mackey

Tendances (20)

Outpost24 webinar mastering container security in modern day dev ops

Serverless Security: What's Left To Protect

Better Security Testing: Using the Cloud and Continuous Delivery

Secure Application Development in the Age of Continuous Delivery

The How and Why of Container Vulnerability Management

Monitoring & Securing Microservices in Kubernetes

DevSecOps | DevOps Sec

Principles of Monitoring Microservices

Contain your risk: Deploy secure containers with trust and confidence

Humla workshop on Android Security Testing - null Singapore

Web & Cloud Security in the real world

Aleksei Dremin - Application Security Pipeline - phdays9

Securing Apache Web Servers

Secure Node Code (workshop, O'Reilly Security)

[OWASP Poland Day] A study of Electron security

V brownbag sept-14-2016

Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...

Hacking IoT with EXPLIoT Framework

Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper

Secure Application Development in the Age of Continuous Delivery

Similaire à Evaluating container security with ATT&CK Framework

Cloud native applications are popular these days. They promise superior reliability and almost arbitrary scalability. They follow three key principles: they are built and composed as microservices. They are packaged and distributed in containers. The containers are executed dynamically in the cloud. But which technology is best to build this kind of application? This talk will be your guidebook. In this hands-on session, we will briefly introduce the core concepts and some key technologies of the cloud native stack and then show how to build, package, containerize, compose and orchestrate a cloud native showcase application on top of a cluster operating system such as Kubernetes or OpenShift. Throughout the session we will be using an off-the-shelf MIDI controller to visualize the concepts and to remote control the cluster. Container Days 2017 conference. @ConDaysEU #CDS17 #qaware #CloudNativeNerd @LeanderReimer

A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17

Mario-Leander Reimer

Container Days 2017, Hamburg: Vortrag von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware). Abstract: Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud Native Stack. In dieser Session stellen wir die wichtigsten Konzepte und Schlüsseltechnologien vor und bringen dann eine Spring-Cloud-basierte Beispielanwendung schrittweise auf Kubernetes und DC/OS zum Laufen. Dabei diskutieren wir verschiedene praktikable Architekturalternativen.

A hitchhiker‘s guide to the cloud native stack

QAware GmbH

Click Here---> https://bit.ly/3NnWld7 <---Get complete detail on CKS exam guide to crack Kubernetes v1.27. You can collect all information on CKS tutorial, practice test, books, study material, exam questions, and syllabus. Firm your knowledge on Kubernetes v1.27 and get ready to crack CKS certification. Explore all information on CKS exam with number of questions, passing percentage and time duration to complete test.

How to Prepare for Linux Foundation CKS Exam?

AdinaCoyle

Kubernetes 101 for_penetration_testers_-_null_mumbai

n|u - The Open Security Community

Behind the Code 'September 2022 // by Exness

Maxim Gaponov

Cloud Native platforms such as Kubernetes help developers to easily get started deploying and running their applications at scale. But as this access to compute starts to become ubiquitous, how you secure and maintain compliance standards in these environments becomes extremely important. In this talk, we'll cover the basics of securing Cloud Native platforms such as Kubernetes. We will also cover open source tools - such as Clair, Anchore, and Sysdig Falco - that can be used to maintain a secure computing environment. Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools as part of their security strategy.

Open source security tools for Kubernetes.

Michael Ducy

12 Ways Not to get 'Hacked' your Kubernetes Cluster

Suman Chakraborty

Shifting left - How to use Continuous Integration tools to bring security into the DevOps world In today's modern software factories, organizations are shifting security to the left. No longer just the purview of firewalls, security needs to be built in during development and deployment processes. By doing so, organizations can ensure they are limiting vulnerabilities getting into production while cutting costs of both downtime and code rework. Key Takeaways: ○ How to ensure that the use of open source doesn’t introduce vulnerabilities and other security risks ○ How to automate the delivery of trusted images using a policy-driven approach ○ Empowering developers to secure their applications, while maintaining segregation of duties ○ Ensuring the consistent flow of images through the pipeline, with no side-doors or introduction of unvetted images ○ Enforcing immutability of containers, preventing container-image drift

Embacing service-level-objectives of your microservices in your Cl/CD

Nebulaworks

DevSecCon Lightning 2021- Container defaults are a hackers best friend

Eric Smalling

MITRE ATT&CK® is a well-known knowledge base of adversary behaviors that was originally focused on host-based environments, but recently ATT&CK coverage was extended to include techniques carried out in container deployments. I was privileged to have the opportunity to lead the team at MITRE that developed ATT&CK for Containers, but now I'm focused on implementing ATT&CK as a practitioner. With this background, I hope to share the unique perspective of how ATT&CK for Containers was created with help from the community, what ATT&CK techniques mean in the context of containers, and how you can utilize this new knowledge base in your own cloud environment. You'll leave this talk with a better understanding of how to evaluate and identify gaps in coverage and improve defenses in your own containers deployments by utilizing techniques used by real-world adversaries.

Using ATT&CK® for Containers to Level Up your Cloud Defenses - Jen Burns, fwd...

Jennifer Burns

https://jeeconf.com/program/containerising-bootiful-microservices/ Presentation on how we implemented Kubernetes and Jenkins to deploy and keep running Spring Cloud Netflix based microservices in private cloud. Overview of decision made about technology stack, testing strategy, tools and infrastructure components, continuous delivery/deployment pipelines and some implementation details and issues met.

Containerising bootiful microservices javaeeconf

Ivan Vasyliev

Click Here---> https://bit.ly/3P9xEDx <---Get complete detail on NCP-MCI exam guide to crack Multicloud Infrastructure. You can collect all information on NCP-MCI tutorial, practice test, books, study material, exam questions, and syllabus. Firm your knowledge on Multicloud Infrastructure and get ready to crack NCP-MCI certification. Explore all information on NCP-MCI exam with number of questions, passing percentage and time duration to complete test.

Nutanix NCP-MCI Exam | How to Prepare

AdinaCoyle

How to think like a threat actor for Kubernetes.pptx

LibbySchulze1

Watch this Tech Talk: https://do.co/video_sgupta Designed for developers who have an in-depth understanding of Kubernetes concepts, this talk covers scaling apps with persistent storage and advanced networking. What You’ll Learn - Recent Kubernetes trends - Kubernetes autoscaling - RBAC (Role Based Access control) - Kubernetes resource quotas - Kubernetes extensions - Kubernetes security best practices About the Presenter Saurabh Gupta is a tech enthusiast with more than a decade of experience in the software industry. Currently a Senior Developer Advocate at DigitalOcean, he focuses on open source, DevOps, cloud, containers, and Kubernetes. He is also part of the CNCF Speakers Bureau, and is often found speaking at community meetups and conferences. New to DigitalOcean? Get US $100 in credit when you sign up: https://do.co/deploytoday To learn more about DigitalOcean: https://www.digitalocean.com/ Follow us on Twitter: https://twitter.com/digitalocean Like us on Facebook: https://www.facebook.com/DigitalOcean Follow us on Instagram: https://www.instagram.com/thedigitalocean/ We're hiring: http://do.co/careers

Kubernetes: Beyond Baby Steps

DigitalOcean

Meetup Cloud Native Night Munich, March 2023, Mario-Leander Reimer (@LeanderReimer, Principal Software Architect bei QAware). == Dokument bitte herunterladen, falls unscharf! Please download slides if blurred! == Simple and efficient development of cloud-native applications still poses significant challenges for many teams. In addition to the implementation of features and microservices, developers are now often also responsible for building the required cloud services with Infrastructure as Code à la Terraform. Unfortunately, this quickly leads to high cognitive overload and suboptimal solutions. Crossplane, ACK and other open source add-ons for Kubernetes try to address this problem. With these extensions, cloud infrastructure can be declaratively provisioned easily without writing a single line of code. This presentation shows the practical use of both technologies and its core functions, using AWS and GCP as an example, as well as the seamless integration with a GitOps approach.

kubectl apply -f cloud-Infrastructure.yaml mit Crossplane et al. @ CNN Munich

QAware GmbH

This talk explains what what Pod Security Policy is and it's importance in Kubernetes Security. The talk also takes a look at the current situation of docker hub's popular images and helm charts repository. This talk stresses on the fact that having PSP enabled the right way is absolutely necessary for the real security of the cluster. Link to the demos: What is Pod Security Policy? https://www.youtube.com/watch?v=nrWRMP94vqc Kubernetes Hostpath exploit thrawted with Pod Security Policy https://www.youtube.com/watch?v=APS0CfD6DsE

Hardening Kubernetes by Securing Pods

Suraj Deshmukh

The CA Spectrum 10 release represented one of the most substantial releases for this solution in recent years. Join us for this session to explore some of the new features, such as the new web client for operators, software-defined network (SDN) support, wireless LAN controller and access point management, bi-directional integration with CA Unified Infrastructure Management, support for ModSecurity, and simplified reporting. This will be a combination of slides, demos and hands-on practice. For more information, please visit http://cainc.to/Nv2VOe

CA Spectrum® Just Keeps Getting Better and Better

CA Technologies

Under-reported Security Defects in Kubernetes Manifests

Akond Rahman

BASTA! 2017, Mainz: Talk von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware). Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud-Native-Stack. In dieser Session stellen wir die wichtigsten Konzepte und aktuellen Schlüsseltechnologien kurz vor. Anschließend implementieren wir einen einfachen Microservice mit .NET Core und Steeltoe OSS und bringen ihn zusammen mit ausgewählten Bausteinen für Service-Discovery und Konfiguration schrittweise auf einem Kubernetes-Cluster zum Laufen.

Cloud-native .NET Microservices mit Kubernetes

QAware GmbH

Protecting Pipeline DevOps and IaC

Fernando Cardoso

Similaire à Evaluating container security with ATT&CK Framework (20)

A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17

A hitchhiker‘s guide to the cloud native stack

How to Prepare for Linux Foundation CKS Exam?

Kubernetes 101 for_penetration_testers_-_null_mumbai

Behind the Code 'September 2022 // by Exness

Open source security tools for Kubernetes.

12 Ways Not to get 'Hacked' your Kubernetes Cluster

Embacing service-level-objectives of your microservices in your Cl/CD

DevSecCon Lightning 2021- Container defaults are a hackers best friend

Using ATT&CK® for Containers to Level Up your Cloud Defenses - Jen Burns, fwd...

Containerising bootiful microservices javaeeconf

Nutanix NCP-MCI Exam | How to Prepare

How to think like a threat actor for Kubernetes.pptx

Kubernetes: Beyond Baby Steps

kubectl apply -f cloud-Infrastructure.yaml mit Crossplane et al. @ CNN Munich

Hardening Kubernetes by Securing Pods

CA Spectrum® Just Keeps Getting Better and Better

Under-reported Security Defects in Kubernetes Manifests

Cloud-native .NET Microservices mit Kubernetes

Protecting Pipeline DevOps and IaC

Dernier

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Evaluating the top large language models.pdf

ChristopherTHyatt

Dernier (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

How to Troubleshoot Apps for the Modern Connected Worker

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

A Domino Admins Adventures (Engage 2024)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Boost PC performance: How more available memory can improve productivity

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

🐬 The future of MySQL is Postgres 🐘

Powerful Google developer tools for immediate impact! (2023-24 C)

08448380779 Call Girls In Friends Colony Women Seeking Men

Boost Fertility New Invention Ups Success Rates.pdf

What Are The Drone Anti-jamming Systems Technology?

How to Troubleshoot Apps for the Modern Connected Worker

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Exploring the Future Potential of AI-Enabled Smartphone Processors

GenCyber Cyber Security Day Presentation

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Handwritten Text Recognition for manuscripts and early printed texts

Partners Life - Insurer Innovation Award 2024

Evaluating the top large language models.pdf

Evaluating container security with ATT&CK Framework

1. EVALUATING CONTAINER SECURITY WITH ATT&CK FRAMEWORK • Sandeep Jayashankar • Nov 2020

2. EVALUATIN G CONTAINER SECURITY WITH ATT&CK FRAMEWOR K Containers •Current Tech Landscape •Vuln Timeline •Most Recent Vulnerabilities •Misconfiguration Attacks Container Runtime Challenges ATT&CK for Containers •Introduction •Use Cases •Threat Matrix Practical approach to ATT&CK Conclusion

3. CONTAINERS – CURRENT TECH LANDSCAPE

4. CONTAINERS – VULN TIMELINES

5. CONTAINERS – MOST RECENT VULNERABILITIES CVE-2020- 2121 Jenkins Kubernetes Engine plugin Remote Code Execution with arbitrary installs https://www.tigera.io/blog/kubernetes-q3-2020-threats-exploits-and-ttps/ https://sysdig.com/blog/falco-cve-2020-8566-ceph/ https://sysdig.com/blog/cve-2020-8563-vsphere-credentials-cloud-controller- manager/ CVE-2020- 14386 Linux Kernel Privilege Escalation due to packet socket memory corruption CVE-2020- 8563 CVE-2020- 8558 kube-controller- manager vSphere credential leak Ceph cluster adminSecrets exposed when logLevel >=4

6. CONTAINERS – MISCONFIG ATTACKS https://jarv.is/notes/shodan-search-queries/ Exposed Containers Including Public Containers Using Privileged Containers https://containerjournal.com/topics/container-security/why-running-a-privileged-container-is-not-a-good

7. CONTAINER RUNTIME CHALLENGES Monitoring • Containers are ephemeral, lightweight. • Deployed in large numbers • Monitoring containers different from VM hosts Isolation • Share same underlying operating system, volumes, and disks • Container breakout exploits at large (running with privileged flags) • More containers, more data and network traffic, more access controls Orchestration • Confusion in setting configurations • Data Leaks in Log files • Vulnerabilities in other orchestration components Response • Taking down compromised and bringing up brand new image • What if CI/CD limitations to push from Dev-Prod? • What if image compromised? ttps://capsule8.com/blog/security-challenges-for-containers-in-runtime/ Source: Forrester Research Report

8. ATT&CK FOR CONTAINERS - INTRODUCTION • Adversarial Tactics, Techniques, And Common Knowledge • Understand Adversary Behavior using Threat Matrix • Defines Tactics, Techniques, and Procedures (TTPs) © 2020 PAYPAL INC. CONFIDENTIAL AND PROPRIETARY. Cloud Matrix: https://attack.mitre.org/matrices/enterprise/cloud/gcp/ Advanced Persistent Threat Group

9. ATT&CK FOR CONTAINERS – USE CASES https://attack.mitre.org/docs/training-cti/CTI%20Workshop%20Full%20Slides.pdf

10. ATT&CK FOR CONTAINERS – THREAT MAP Initial Access : Adversary exploits an application vulnerability and gains initial access to a container. Execution: Adversary gets SSH credentials and connects to the service. Privilege Escalation: Adversary utilizes privileged container misconfiguration to gain total control of container. Defense Evasion: Adversary deletes container logs to hide their footprints. Credential Access: Adversary finds application credentials in configuration or log files. Lateral Movement: Adversary mounts writeable volumes of the host Impact: Adversary utilizes the host to mine cryptocurrencies https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/ Adversary Emulation

11. CONCLUSION Identify adversary behavior Translate behavior into TTPs Map data in a visualized manner Plan mitigations based mapped data Common Knowledge helps educate developers, security personnel and system administrators

12. QUESTIONS

Notes de l'éditeur

Infrastructure: Container Runtime components Orchestration components Automation CI/CD tooling Service Mesh Messaging Container OS Platforms

Evaluating container security with ATT&CK Framework

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Evaluating container security with ATT&CK Framework

Similaire à Evaluating container security with ATT&CK Framework (20)

Dernier

Dernier (20)

Evaluating container security with ATT&CK Framework

Notes de l'éditeur