Knowledge Base

• 1: Information Security
• 1.1: Basics
• 1.2: Applications
• 1.3: Attacks
• 1.4: Incidents
• 1.5: Kubernetes
• 1.6: Media
• 1.7: People
• 1.8: Security Tools

1 - Information Security

1.1 - Basics

Preservation of confidentiality, integrity and availability (CIA).

Additional properties:

• Non-repudiation
• Authentication
• Authorization

Books/Guides

• Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield (2020): Building Secure and Reliable Systems. O’Reilly Media
• CNCF: Cloud Native Security Whitepaper Version 2
• Ohio State University - Cybersecurity Canon
• Google infrastructure security design overview

Definitions/Certifications

• IT-Grundschutz-Kompendium
• Cloud Computing Compliance Criteria Catalogue (C5)
• RFC 2350 - Expectations for Computer Security Incident Response
• European Cybersecurity Certification Scheme for Cloud Services (EUCS)

Attack/Threat Analysis

• Threat Intelligence: written reports, indicators of compromise (IOC), malware reports
• Cyber Kill Chains
• Tactics, Techniques and Procedures (TTP)
  • ATT&CK framework (MIITRE)

OWASP Kubernetes Top 10

Podcasts

• Security, Cryptography, Whatever

Tutorials/Videos

• IppSec - Videos on pretty much everything infosec

News

• Heise Security

1.2 - Applications

Threema

Cryptanalysis uncovering 7 attacks from 3 different vectors

Attack models employed:

• Network Attacker
• Compromised Server
• Compelled Access

1.3 - Attacks

Phishing & Spear Phishing

Malware

Vulnerabilities

Unsecured Networks

Application Attacks

SQL Injection

Cross-Site Scripting (XSS)

Remote Code Execution (RCE)

Cross-Site Request Forgery (CSRF)

Sub-domain Takeover

https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers

Impacts

1. Browser can be polluted using a cookie bomb, leading to any web page at the domain being unavailable.

1.4 - Incidents

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

February 28, 2023

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data.

[…]

This attack was more sophisticated than most, as it started from a compromised Kubernetes container and spread to the victim’s AWS account. The attackers also had knowledge of AWS cloud mechanics, such as Elastic Compute Cloud (EC2) roles, Lambda serverless functions, and Terraform.

• original article at Sysdig

Attack on German Schools in Karlsruhe

February 14, 2023

As a mitigation the IT systems of the affected schools had to be shut down completely.

• in the news (German)
• city of Karlsruhe press statement (German)

VMware ‘ESXiArgs’ Ransomware Attack

February 6, 2023

• https://blogs.vmware.com/security/2023/02/83330.html

Reddit Phishing Attack

February 5, 2023

https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/

1.5 - Kubernetes

General Security Information

• Official CVE Feed

Guides

• NSA/CISA Kubernetes Hardening Guide
• OWASP Kubernetes Security Cheat Sheet
• EKS Best Practices Guides

Tools

• Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

1.6 - Media

• After cybersecurity lab wouldn’t use AV software, US accuses Georgia Tech of fraud. Researchers allegedly found security protocols “burdensome.”

1.7 - People

General Security

• Brian Krebs
• Bruce Schneier

Cryptography

• Filippo Valsorda
• Deirdre Connolly
• Thomas H. Ptacek

1.8 - Security Tools

Learning

• Damn Vulnerable Web App, DVWA: The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface.

Scanners

• Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
• nmap - utility for network discovery and security auditing

Pentesting

• mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers
• responder - a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
• gobuster - Directory/File, DNS and VHost busting tool written in Go
• john the ripper - password security auditing and password recovery tool
• ffuf - Fast web fuzzer written in Go
• p0wny-shell - Single-file PHP shell
• Impacket - a collection of Python classes for working with network protocols
• burpsuite - An integrated platform for performing security testing of web applications
• sqlmap - Automatic SQL injection and database takeover tool
• s3scanner - Scan for open S3 buckets and dump the contents

Miscellaneous

• Snuffy - a simple command line tool to inspect SSL/TLS connections

Other Collections

• Awesome Hacking - A collection of awesome lists for hackers, pentesters & security researchers

VPN

• Wireguard