Darkbit has joined Aqua Security!

Darkbit blog

Cloud security insights, reviews, and demos for cloud-native teams and organizations.

Announcement

Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform

OpenCSPM is an open-source platform developed by Darkbit that aims to make continuous cloud security posture assessments of cloud environments a practical reality for security and compliance teams alike. It offers a unique approach to managing the firehose of security and compliance check results that even modest AWS and GCP environments can surface, and its control definitions allow for simple yet powerful levels of introspection of its graph data model.

Brad Geesaman

12 min read

Article

CVE-2020-15157 "ContainerDrip" Write-up

CVE-2020-15157: If an attacker publishes a public image with a crafted manifest that directs one of the image layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used by ctr/containerd to access that registry. In some cases, this may be the user’s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.

Brad Geesaman

16 min read

Article

Falco Default Rule Bypass

Recently, when doing a bit of research into how Falco rules work, we discovered that a default rule that alerts when privileged containers or containers that mount sensitive file paths are run inside a Kubernetes cluster could be “bypassed” if the image name was cleverly formatted.

Brad Geesaman

8 min read

Article

Why You Should Enable GKE Shielded Nodes Today

When Shielded GKE Nodes is enabled, the GKE control plane cryptographically verifies that every node in the cluster is a virtual machine running in a managed instance group in Google’s data center and that the kubelet is only getting the certificate for itself. But Shielded GKE Nodes addresses a much bigger problem.

Brad Geesaman

13 min read

Article

Why You Don't Need a Cloud Penetration Test... Yet

For organizations moving workloads to the cloud, the primary focus is rarely on security. In most cases, the goal is to get the environment migrated or an application deployed and to the point of working. At some point down the road, making sure the environment is secure enough to run in production becomes a priority. Great, but how do we do that?

Brad Geesaman

12 min read

Article

GCP Predefined IAM Role Permission Tracker

During one of our Google Cloud Platform (GCP) security assessments, we noticed that one of the Predefined IAM Roles had more permissions than before. After a bit, we noticed the GCP IAM Permissions Change Log explained which permissions were added. So, we decided to automatically track those changes, and the results have been enlightening.

Brad Geesaman

5 min read