Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications, according to kubernetes.io. Let's look a little closer under the hood and see what it actually is, technically :)

This is the Kubernetes dashboard you should see once you have gone through the simple steps in this article.

To launch a single-node Kubernetes cluster we will use Minikube (https://github.com/kubernetes/minikube), a tool that makes it easy to run Kubernetes locally. Minikube runs a single-node Kubernetes cluster inside a VM on your laptop, for users looking to try out Kubernetes or develop with it on a daily basis.
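A scripted version of the launch steps above, as an added example (this is not Minikube's own code). It assumes `minikube` and `kubectl` are installed and on PATH and uses the default profile name `minikube`; the Ready check is a pure function over `kubectl get nodes -o json` output, so it can also be exercised on the constructed sample output below without a cluster.

```python
"""Launch a single-node Minikube cluster and confirm its node is Ready.

Added example for this post, not Minikube's own code. It drives the real
`minikube` and `kubectl` binaries (assumed installed and on PATH); the Ready
check is a pure function over `kubectl get nodes -o json` output so it can
also be exercised on the constructed samples below without a cluster.
"""
import json
import subprocess
from typing import Dict


def ready_nodes(nodes_json: str) -> Dict[str, bool]:
    """Map node name -> True when its Ready condition is 'True'.

    `nodes_json` is the text of `kubectl get nodes -o json` (a v1.NodeList).
    A node with no Ready condition at all is reported as not ready.
    """
    doc = json.loads(nodes_json)
    result: Dict[str, bool] = {}
    for node in doc.get("items", []):
        name = node["metadata"]["name"]
        conditions = node.get("status", {}).get("conditions", [])
        result[name] = any(
            c.get("type") == "Ready" and c.get("status") == "True" for c in conditions
        )
    return result


def launch(profile: str = "minikube", timeout_s: int = 180) -> Dict[str, bool]:
    """Start (or resume) the local cluster and return the Ready map.

    Rerunning `minikube start` on an existing profile is safe; it brings the
    same VM/container back up instead of creating a second cluster.
    """
    subprocess.run(["minikube", "start", "-p", profile], check=True)
    # Block until the kubelet reports the node Ready, or fail loudly.
    subprocess.run(
        ["kubectl", "wait", "--for=condition=Ready", "node", "--all",
         f"--timeout={timeout_s}s"],
        check=True,
    )
    out = subprocess.run(
        ["kubectl", "get", "nodes", "-o", "json"],
        check=True, capture_output=True, text=True,
    ).stdout
    return ready_nodes(out)


# Constructed samples of what `kubectl get nodes -o json` returns, trimmed to
# the fields the check reads: a healthy fresh cluster, and one whose kubelet
# has stopped reporting (Ready goes to "Unknown").
SAMPLE_READY = json.dumps({
    "kind": "NodeList",
    "items": [{
        "metadata": {"name": "minikube"},
        "status": {"conditions": [
            {"type": "MemoryPressure", "status": "False"},
            {"type": "Ready", "status": "True"},
        ]},
    }],
})
SAMPLE_NOT_READY = json.dumps({
    "kind": "NodeList",
    "items": [{
        "metadata": {"name": "minikube"},
        "status": {"conditions": [{"type": "Ready", "status": "Unknown"}]},
    }],
})


if __name__ == "__main__":
    print(launch())
    # Next step from the post: `minikube dashboard`. It serves the UI through
    # a local `kubectl proxy` that uses your cluster-admin kubeconfig, so keep
    # it on 127.0.0.1; anyone who can reach that port is cluster-admin.
```

`minikube dashboard --url` prints the proxied URL without opening a browser, which is handy on a headless box, but the same caveat applies: never forward that port to a network interface.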


Credit for this particular visual goes to Dean Papa of Siemplify.

What is Siemplify?

Siemplify is a SOAR platform company and Check Point's strategic partner in the SOAR space. Siemplify was born out of the need for a better, simpler, more effective way to manage security operations. It is built by security operations experts who spent years honing their skills on the front lines of Israeli cyber intelligence agencies. Siemplify is not a SIEM but an automation platform that uses playbooks and case management.

What is Security Automation?

Security automation is used to address security operations tasks without human intervention and is an important component of security orchestration.

When automation is…


Stats of web attacks in percentages

About three years ago Gartner coined the term WAAP, which stands for Web Application and API Protection. It is a mouthful for what the industry used to just call a WAF.

There are many solutions that offer WAAP as SaaS, as PaaS, or as software. This article highlights and discusses why anyone would need a WAAP.

Let’s talk about Recon briefly.

Recon mainly covers the following items:

  • Web App Recon: (Information gathering, Web App mapping)
  • Structure (Modern vs Legacy, REST APIs, JS Object Notation: Variables, Functions, Context…

TrickBot

What began as a banking trojan and descendant of Dyre malware, TrickBot now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk and Conti.

In early 2019, the FBI began to observe new TrickBot modules named Anchor, which cyber actors typically used in attacks targeting high-profile victims — such as large corporations. These attacks often involved data exfiltration from networks and point-of-sale devices. …


Computer photo created by freepik

Before we dive into this topic, let’s first briefly cover types of cyber threats these technologies can detect and prevent.

  • A firewall is like a doorman: it sits at the perimeter and keeps out everyone who tries to sneak in through open basement windows, the roof, etc., but once someone enters through the official door it lets them in, especially when the house owner brings guests along. It just allows or blocks traffic based on the permitted source/destination IPs and ports. In technical terms, a firewall analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port, and/or destination…
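To make the doorman point concrete, here is an added example (not code from any firewall product) of a stateless packet filter: first matching rule wins, unmatched traffic is dropped, and the decision uses only header fields. The policy, addresses and packets are constructed; the last packet carries a hostile-looking body on an allowed port to show that the filter cannot tell it apart from legitimate traffic.

```python
"""Stateless packet filter: allow/deny on header fields only.

Added example for this post, not from any firewall product. It shows what
the 'doorman' does and does not see: the verdict depends on protocol,
source and destination address and port, and on nothing in the payload.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int = 0         # 0 for protocols without ports (icmp)
    dport: int = 0
    payload: bytes = b""   # carried along, but never consulted by the filter


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: Optional[str] = None    # None matches any protocol
    src: str = "0.0.0.0/0"         # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None    # None matches any port
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """True when every header field the rule constrains agrees with the packet."""
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed policy for a web host 10.0.0.5: HTTPS from anywhere, SSH only
# from the 10.0.0.0/8 LAN, everything else dropped.
POLICY = [
    Rule("allow", proto="tcp", dst="10.0.0.5/32", dport=443),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dst="10.0.0.5/32", dport=22),
    Rule("deny"),   # explicit cleanup rule; evaluate() would deny anyway
]

# Constructed packets.
HTTPS_FROM_INTERNET = Packet("tcp", "203.0.113.9", "10.0.0.5", 51515, 443)
SSH_FROM_INTERNET = Packet("tcp", "203.0.113.9", "10.0.0.5", 51516, 22)
SSH_FROM_LAN = Packet("tcp", "10.1.2.3", "10.0.0.5", 40000, 22)
# Same headers as HTTPS_FROM_INTERNET, hostile body: the doorman waves it in.
EVIL_OVER_443 = Packet("tcp", "203.0.113.9", "10.0.0.5", 51517, 443,
                       payload=b"GET /?id=1%20OR%201=1 HTTP/1.1\r\n")


if __name__ == "__main__":
    for name, pkt in [("https", HTTPS_FROM_INTERNET), ("ssh-internet", SSH_FROM_INTERNET),
                      ("ssh-lan", SSH_FROM_LAN), ("evil-over-443", EVIL_OVER_443)]:
        print(f"{name:14} -> {evaluate(POLICY, pkt)}")
```

Inspecting the payload is exactly the job the next technologies in this list take on; the filter above is the baseline they sit behind.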



What is zero-day malware? It is malware that nobody has seen before: an unknown variant or virus whose hash (MD5 in the example here) is not known to any traditional anti-malware database. Keep in mind that an unknown hash only means this exact file is new; a trivially modified copy of known malware also has a new hash, which is why hash-only detection is weak.

You can take any unknown variant and upload it to www.virustotal.com to get a verdict and confirm that it is indeed unknown to a long list of traditional signature-based engines. VirusTotal runs the sample against all of them from one unified page and exposes the same scan through its API. Be aware that anything you upload is shared with the participating vendors, so do not submit files that contain sensitive data.

Here is a library of malware samples (handle them only in an isolated lab): https://github.com/mstfknn/malware-sample-library

You can produce a copy of a known variant with a different hash using https://github.com/ewwink/MD5-Hash-Changer
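To see why an unknown hash says so little on its own, here is an added example (not the page's code and not the hash-changer tool's) that runs a hash blocklist and a content signature over a constructed, harmless byte string standing in for a binary, before and after appending a single byte. The marker string inside the sample is constructed; it plays the role of the distinctive code sequence a content signature keys on.

```python
"""Why a new hash does not mean new malware.

Added example for this post, not VirusTotal's or the hash-changer tool's
code. The 'sample' is a constructed, harmless byte string standing in for a
binary; nothing here is executable.
"""
import hashlib
from typing import Dict, Iterable

# Constructed stand-in for a known-bad file. The marker string stands for
# the distinctive byte sequence a content (YARA-style) signature matches on.
MARKER = b"CONSTRUCTED-MARKER-7f3a"
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 60 + MARKER + b"\x90" * 32


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5 (what the post mentions) and SHA-256 (what you should key on today)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def change_hash(data: bytes, padding: bytes = b"\x00") -> bytes:
    """Append bytes after the end of the file.

    Trailing padding changes every hash of the file; for most executable
    formats the loader ignores it, so the original content, and therefore
    the behaviour, is untouched. This is all a hash changer needs to do.
    """
    return data + padding


class HashBlocklist:
    """Signature database of the kind a hash-only engine consults."""

    def __init__(self, known: Iterable[bytes]):
        self._sha256 = {hashlib.sha256(s).hexdigest() for s in known}

    def detects(self, data: bytes) -> bool:
        return hashlib.sha256(data).hexdigest() in self._sha256


class ContentSignature:
    """Matches on a byte pattern inside the file, not on the whole-file hash."""

    def __init__(self, pattern: bytes):
        self._pattern = pattern

    def detects(self, data: bytes) -> bool:
        return self._pattern in data


def is_unknown_by_hash(data: bytes) -> bool:
    """'Zero-day' as a hash-only engine sees it: this exact file is new."""
    return not HashBlocklist([KNOWN_SAMPLE]).detects(data)


def verdicts(data: bytes) -> Dict[str, bool]:
    """Run both detectors; each knows only the original KNOWN_SAMPLE."""
    engines = {
        "hash_blocklist": HashBlocklist([KNOWN_SAMPLE]),
        "content_signature": ContentSignature(MARKER),
    }
    return {name: engine.detects(data) for name, engine in engines.items()}


if __name__ == "__main__":
    variant = change_hash(KNOWN_SAMPLE)
    print("original:", file_hashes(KNOWN_SAMPLE)["md5"], verdicts(KNOWN_SAMPLE))
    print("padded:  ", file_hashes(variant)["md5"], verdicts(variant))
```

One appended byte is enough to make the padded copy "unknown" to the blocklist while the content signature still fires, which is the gap the behavioural and sandbox technologies discussed above exist to close.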

Now, let’s talk about…


What is Postman? It is an API tool. Postman lets you publish most APIs quickly and easily: it automatically pulls in your sample requests, headers, code snippets, etc., and you can easily share your API with the rest of your team if you are working on a project together.

What is the Check Point API and why use it? Check Point is a security gateway company (https://www.checkpoint.com). They have a web API available for automating tasks and functions in large-scale deployments, and other cool things. …
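The same session flow Postman would let you click through, as an added example in code (not Check Point's own SDK or Postman collection). It follows the public Management API conventions: every command is an HTTPS POST of a JSON body to `https://<server>/web_api/<command>`, `login` returns a session id that later calls carry in the `X-chkp-sid` header, and nothing is visible to other administrators until `publish`. The server name, user and host objects are constructed; the HTTP transport is injectable so the whole flow can be run offline against the fake server at the bottom.

```python
"""Script a Check Point Management API change: login, add-host, publish, logout.

Added example for this post, not Check Point's own SDK. Conventions used are
the public Management API ones: POST JSON to /web_api/<command>, session id
from `login` travels in the X-chkp-sid header, `publish` makes changes
visible. Server, credentials and host objects below are constructed.
"""
import json
import urllib.request
from typing import Any, Callable, Dict, List, Optional, Tuple

# A transport takes (url, headers, json body) and returns the parsed reply.
Transport = Callable[[str, Dict[str, str], Dict[str, Any]], Dict[str, Any]]


def https_post(url: str, headers: Dict[str, str], body: Dict[str, Any]) -> Dict[str, Any]:
    """Real transport. urlopen verifies the server certificate by default; if
    your management server has a self-signed cert, add its CA to the trust
    store instead of switching verification off."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST"
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


class MgmtSession:
    def __init__(self, server: str, post: Transport = https_post):
        self.base = f"https://{server}/web_api/"
        self.post = post
        self.sid: Optional[str] = None

    def call(self, command: str, body: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
        headers = {"Content-Type": "application/json"}
        if self.sid is not None:
            headers["X-chkp-sid"] = self.sid   # bearer-style secret: never log it
        return self.post(self.base + command, headers, body or {})

    def login(self, user: str, password: str) -> None:
        self.sid = self.call("login", {"user": user, "password": password})["sid"]

    def add_host(self, name: str, ip: str) -> str:
        return self.call("add-host", {"name": name, "ip-address": ip})["uid"]

    def publish(self) -> None:
        self.call("publish")

    def logout(self) -> None:
        self.call("logout")
        self.sid = None


def add_hosts(server: str, user: str, password: str,
              hosts: List[Tuple[str, str]], post: Transport = https_post) -> List[str]:
    """Create host objects in one session, publish, and always log out.

    Returns the uid of each created object. If any call fails the session
    is still closed; the unpublished changes are never seen by anyone else.
    """
    session = MgmtSession(server, post)
    session.login(user, password)
    try:
        uids = [session.add_host(name, ip) for name, ip in hosts]
        session.publish()
    finally:
        session.logout()
    return uids


class FakeMgmt:
    """Offline stand-in for a management server (constructed). It records the
    command sequence and rejects any post-login call without the session id,
    which is exactly the mistake a hand-written script usually makes."""
    SID = "constructed-session-id"

    def __init__(self) -> None:
        self.commands: List[str] = []

    def __call__(self, url: str, headers: Dict[str, str], body: Dict[str, Any]) -> Dict[str, Any]:
        command = url.rsplit("/", 1)[1]
        self.commands.append(command)
        if command == "login":
            return {"sid": self.SID}
        if headers.get("X-chkp-sid") != self.SID:
            raise PermissionError(f"{command}: missing or wrong X-chkp-sid")
        if command == "add-host":
            return {"uid": f"uid-for-{body['name']}"}
        return {}


if __name__ == "__main__":
    fake = FakeMgmt()
    print(add_hosts("mgmt.example.internal", "api-user", "not-a-real-password",
                    [("web1", "10.0.0.10"), ("web2", "10.0.0.11")], post=fake))
    print(fake.commands)
```

Swap `post=fake` for the default `https_post` to run it against a real management server; the API user then needs a permission profile that allows object creation and publish, and nothing else.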


Source of this screenshot: Shutterstock

From a security perspective it is very important to be aware that running containers and applications with Docker implies running the Docker daemon. Rootless mode is still experimental.

In recent versions the daemon by default listens on a UNIX socket instead of a TCP port. That socket is owned by "root", so other users can only reach it through "sudo", and the daemon itself always runs as "root". Whoever can write to that socket can therefore do anything root can on the host, for example start a container with the host filesystem mounted.

If you want to run "docker" without "sudo", create a group called "docker" and add users to…
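Before adding anyone to that group, it is worth knowing who can already drive the daemon. Here is an added example (not Docker's own tooling) that reads the socket's owner, group and mode and lists the users who are root-equivalent through it; the classification is a pure function, so it can be checked on constructed values without a daemon, and the socket path is Docker's default.

```python
"""Audit who can reach the Docker daemon through its UNIX socket.

Added example for this post, not Docker's own tooling. Whoever can write to
the daemon's socket can ask the root daemon to start a container with the
host filesystem mounted, so socket access is root-equivalent; this script
makes that population explicit. The classification (assess) is a pure
function of owner, group, mode and group members so it runs on constructed
values; inspect_socket reads the real socket on a POSIX host.
"""
import os
import stat
from typing import Dict, List

try:
    import grp
    import pwd
except ImportError:   # non-POSIX host: only the pure assess() is usable
    grp = pwd = None

DOCKER_SOCK = "/var/run/docker.sock"   # Docker's default socket path


def assess(owner: str, group: str, mode: int, members: List[str]) -> Dict:
    """Classify exposure of the daemon socket.

    owner/group: names from the socket's uid/gid
    mode:        permission bits, e.g. 0o660
    members:     users in `group`, primary or secondary membership
    Returns the exposure level and everyone besides root who is root-equivalent.
    """
    findings: List[str] = []
    root_equiv = set()
    if owner != "root":
        root_equiv.add(owner)
        findings.append(f"socket owned by '{owner}', expected root")
    if mode & stat.S_IWOTH:
        exposure = "world"
        findings.append("world-writable: every local user can control the daemon")
    elif mode & stat.S_IWGRP and group != "root":
        exposure = "group"
        others = sorted(m for m in members if m != "root")
        root_equiv.update(others)
        findings.append(
            f"group '{group}' can control the daemon; its members are root-equivalent: "
            + (", ".join(others) or "(no members yet)")
        )
    else:
        exposure = "root-only"
    return {
        "exposure": exposure,
        "root_equivalent_users": sorted(root_equiv),
        "findings": findings,
    }


def inspect_socket(path: str = DOCKER_SOCK) -> Dict:
    """Read the real socket's ownership and permissions and assess them."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")
    owner = pwd.getpwuid(st.st_uid).pw_name
    gr = grp.getgrgid(st.st_gid)
    # Secondary members from /etc/group plus users whose primary gid matches.
    members = set(gr.gr_mem) | {p.pw_name for p in pwd.getpwall() if p.pw_gid == gr.gr_gid}
    return assess(owner, gr.gr_name, stat.S_IMODE(st.st_mode), sorted(members))


if __name__ == "__main__":
    report = inspect_socket()
    print(f"exposure: {report['exposure']}")
    for line in report["findings"]:
        print(" -", line)
```

The usual `srw-rw---- root docker` socket comes back as `exposure: group` with the docker group's members listed; treat that list the same way you treat the sudoers file. The page's alternative, rootless mode (installed with `dockerd-rootless-setuptool.sh install`), avoids the root daemon altogether.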


Cloud computing has been transforming every aspect of business, especially now that companies can handle pretty much everything virtually: you no longer need server racks or data centers of your own.

There are three key drivers for companies to move to the cloud:

Mobility = access to data from anywhere

Agility = moving data closer to where it is needed, with easy access to it

Disaster Recovery = workloads are deployed and replicated across different physical data centers and geographies, accessible from anywhere

Let's take a look at the key differences between these two key pieces…


Credit: Metasploit in Kali Linux, by Offensive Security

Most techniques used in today's intrusion prevention systems are not able to deal with complex and sophisticated cyber attacks on computer networks.

There are different types of recon, vulnerability scanning, and hacking techniques:

  • Passive Information Gathering
  • Active Information Gathering
  • Vulnerability Scanning
  • Buffer Overflows
  • Win32 Buffer Overflow Exploitation
  • Linux Buffer Overflow Exploitation
  • Working with Exploits
  • File Transfers
  • Privilege Escalation
  • Client Side Attacks
  • Web Application Attacks
  • Password Attacks
  • Port Redirection and Tunneling
  • The Metasploit Framework
  • Bypassing Antivirus Software
  • Assembling the Pieces: Penetration Test Breakdown

Some believe that one should have certain competencies to do white-hat hacking, and these could include the…

Jon Goldman

Cloud Security, Automation, DevOps, AWS, Azure, GCP
