Darkbit blog

Cloud security insights, reviews, and demos for cloud-native teams and organizations.

Article

A Deeper Look at GKE Basic Auth

If you are running Google Kubernetes Engine (GKE) Clusters with Basic Authentication, you’ll want to consider removing those credentials from your clusters. This post aims to outline the risks and considerations for remediation.

Brad Geesaman

8 min read

Article

Google Kubernetes Engine IAM Roles

As a Google Cloud Administrator planning your IAM strategy for how to best use the built-in Google Kubernetes Engine (GKE) IAM Roles, there are a few details that might be confusing and/or surprising that could have unintended consequences.

Brad Geesaman

8 min read

Article

The Power of Kubernetes RBAC LIST

One of the potential surprises for newcomers to Kubernetes RBAC is the subtle but extremely important difference between the GET and LIST verbs. The same distinction carries over into Google Cloud's IAM permission model for GKE clusters, with opportunities for unintended consequences.

Brad Geesaman

14 min read

Article

Reimagining Cloud Security Posture Assessments

We'd like to share what we've learned performing cloud security posture assessments for our clients and our approach to rethinking every step of the end-to-end experience.

Brad Geesaman

8 min read

Announcement

Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform

OpenCSPM is an open-source platform developed by Darkbit that aims to make continuous cloud security posture assessments of cloud environments a practical reality for security and compliance teams alike. It offers a unique approach to managing the firehose of security and compliance check results that even modest AWS and GCP environments can surface, and its control definitions allow for simple yet powerful introspection of its graph data model.

Brad Geesaman

12 min read

Article

CVE-2020-15157 "ContainerDrip" Write-up

CVE-2020-15157: If an attacker publishes a public image with a crafted manifest that directs one of the image layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used by ctr/containerd to access that registry. In some cases, this may be the user’s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.

Brad Geesaman

16 min read