Pinned. Published in Dev Genius. Containerization Basics: Containers have become a cornerstone of modern DevOps practices and cloud computing. They offer a solution to the age-old problem of “it… (Sep 25)
Pinned. Published in InfoSec Write-ups. Kubernetes Goat: Attack & Defense Guide — Scenario 5: Docker CIS benchmarks analysis: In this scenario, the purpose is to get CIS Docker Benchmarks of our whole cluster. Therefore, this guide won’t include any attack… (Jul 8)
Pinned. Published in Dev Genius. Kubernetes Goat: Attack & Defense Guide — Scenario 4: Container escape to the host system: In today’s scenario, we will explore how to escape from a container to the host system, understand the mechanism of this vulnerability… (Jul 4)
Fundamentals of Container Technology: Containing everything needed to run an application, containers are lightweight, standalone, and executable software… (Sep 26)
5 DevSecOps Practices You Should Follow: DevSecOps builds on DevOps by integrating security into every stage of the software development life cycle (SDLC). This approach… (Sep 20)
5 DevSecOps Practices You Should Follow: Latest article that delves into 5 critical DevSecOps practices that can significantly elevate your application and infrastructure security. (Sep 20)
Published in Dev Genius. Kubernetes Goat: Attack & Defense Guide — Scenario 3: SSRF in the Kubernetes world: We will be discovering what SSRF is and how it’s getting into action in the Kubernetes environments. Later on, we will check various… (Jul 1)
Published in InfoSec Write-ups. Kubernetes Goat: Attack & Defense Guide — Scenario 2: DIND (docker-in-docker) exploitation: In this Kubernetes Goat scenario, we will be exploiting the DIND (docker-in-docker) setup and demonstrate how we can patch/mitigate its… (Jun 29)
Published in Dev Genius. Kubernetes Goat: Attack & Defense Guide — Scenario 1: Sensitive Keys in Codebases: In this series of writeups, we’ll be exploring various Kubernetes misconfigurations and doing hands-on labs to exploit and patch them. For… (Jun 26)
Published in Dev Genius. A Brief Semgrep Analysis of Juice Shop: Semgrep is one of my favorite SAST tools. It’s fast, highly configurable, open source, and the community rulesets are completely free! If… (Oct 16, 2022)