Darkbit blog

Cloud security insights, reviews, and demos for cloud-native teams and organizations.

Article

Kubernetes Honey Token

While publicly disclosed Kubernetes-related security breaches have thankfully been infrequent, we’ve seen environments where an attacker who gained access to the cluster and persisted using non-destructive means would likely go unnoticed for a long time. Implementing defense-in-depth, thorough logging, and detailed metrics can be complex and time-consuming. In the meantime, what if there was an easy, high-confidence way to be alerted if a malicious entity was present?

Brad Geesaman

9 min read

Article

Google Cloud IAM Custom Role and Permissions Debugging Tricks

When validating assumptions about the necessary Google Cloud IAM permissions for a given situation, using your own identity for testing can be challenging. It’s difficult to fully isolate the exact permissions without a “clean” workspace, a separate identity, and a straightforward way to see what’s going on. We’ll show you one of the ways we approach creating and verifying least-privilege Custom IAM Roles using the gcloud sdk Docker image, Data Access Logging, and the IAM Policy Troubleshooter.

Brad Geesaman

17 min read

Article

A Deeper Look at GKE Basic Auth

If you are running Google Kubernetes Engine (GKE) Clusters with Basic Authentication, you’ll want to consider removing those credentials from your clusters. This post aims to outline the risks and considerations for remediation.

Brad Geesaman

8 min read

Article

Google Kubernetes Engine IAM Roles

As a Google Cloud Administrator planning your IAM strategy for how to best use the built-in Google Kubernetes Engine (GKE) IAM Roles, there are a few details that might be confusing and/or surprising that could have unintended consequences.

Brad Geesaman

8 min read

Article

The Power of Kubernetes RBAC LIST

One of the potential surprises for newcomers to Kubernetes RBAC is the subtle but extremely important difference between the GET and LIST verbs. This carries over to Google Cloud’s IAM permission model for GKE clusters, with opportunities for unintended consequences.

Brad Geesaman

14 min read

Article

Reimagining Cloud Security Posture Assessments

We’d like to share what we’ve learned performing cloud security posture assessments for our clients and our approach to rethinking every step of the end-to-end experience.

Brad Geesaman

8 min read