PinnedBarış Ekin YıldırıminDev GeniusContainerization BasicsContainers have become a cornerstone of modern DevOps practices and cloud computing. They offer a solution to the age-old problem of “it…Sep 25Sep 25
PinnedBarış Ekin YıldırıminInfoSec Write-upsKubernetes Goat: Attack & Defense Guide — Scenario 5: Docker CIS benchmarks analysisIn this scenario, the purpose is to get CIS Docker Benchmarks of our whole cluster. Therefore, this guide won’t include any attack…Jul 8Jul 8
PinnedBarış Ekin YıldırıminDev GeniusKubernetes Goat: Attack & Defense Guide — Scenario 4: Container escape to the host systemIn today’s scenario, we will explore how to escape from a container to the host system, understand the mechanism of this vulnerability…Jul 4Jul 4
Barış Ekin YıldırımContainer Teknolojisinin TemelleriContainerlar (konteynerler), bir uygulamayı çalıştırmak için gereken her şeyi içeren hafif, bağımsız ve çalıştırılabilir yazılım…Sep 26Sep 26
Barış Ekin YıldırımUymanız Gereken 5 DevSecOps PratiğiDevSecOps, yazılım geliştirme yaşam döngüsünün (SDLC) her aşamasına güvenliği entegre ederek DevOps’un üzerine inşa edilir. Bu yaklaşım…Sep 20Sep 20
Barış Ekin Yıldırım5 DevSecOps Practices You Should FollowLatest article that delves into 5 critical DevSecOps practices that can significantly elevate your application and infrastructure security.Sep 20Sep 20
Barış Ekin YıldırıminDev GeniusKubernetes Goat: Attack & Defense Guide — Scenario 3: SSRF in the Kubernetes worldWe will be discovering what SSRF is and how it’s getting into action in the Kubernetes environments. Later on, we will check various…Jul 1Jul 1
Barış Ekin YıldırıminInfoSec Write-upsKubernetes Goat: Attack & Defense Guide — Scenario 2: DIND (docker-in-docker) exploitationIn this Kubernetes Goat scenario, we will be exploiting the DIND(docker-in-docker) setup and demonstrate how we can patch/mitigate its…Jun 29Jun 29
Barış Ekin YıldırıminDev GeniusKubernetes Goat: Attack & Defense Guide — Scenario 1: Sensitive Keys in CodebasesIn this series of writeups, we’ll be exploring various Kubernetes misconfigurations and doing hands-on labs to exploit and patch them. For…Jun 26Jun 26
Barış Ekin YıldırıminDev GeniusA Brief Semgrep Analysis of Juice ShopSemgrep is one of my favorite SAST tools. It’s fast, highly configurable, open source, and the community rulesets are completely free! If…Oct 16, 20221Oct 16, 20221