Tools Resources
container

Walking the Risky Path: The Threat of hostPath to Your Kubernetes Cluster

Reem Rotenberg<
By: Reem Rotenberg
Apr 1, 2024

In this blog, we will shed light on hostPath potential risks, delving into the depths of risky hostPath use cases and how they can compromise the security of your cluster if not carefully managed. IntroBackgroundHow Does hostPath Work?Security ImpactAttack Scenarios/var/log directory mounted/etc/kubernetes/manifests directory mounted/var/run/containerd/containerd.sock socket mounted/var/lib/kubelet/pods directory mounted/proc/sys/kernel/core_pattern file mounted/ directory mountedConclusionAppendices Intro In today's cloud technology landscape, Kubernetes is widely used to orchestrate containerized…

AWS_Blog

AWS ECR Public Vulnerability

Gafnit Amiga<
By: Gafnit Amiga
Dec 13, 2022

Executive Summary I discovered a critical AWS Elastic Container Registry Public (ECR Public) vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS Accounts, by abusing undocumented internal ECR Public API actions. Prior to mitigation, this vulnerability could have potentially led to denial of service, data exfiltration, lateral movement, privilege…

GCP buckets

How many of your GCP buckets are publicly accessible? It might be more than you think…

Noga Yam Amitai<
By: Noga Yam Amitai
May 12, 2022

Google Cloud Storage is Google’s storage service for storing and retrieving data with high reliability, performance, and availability. Storage services tend to be a weak point in terms of security for many companies and organizations, as they often contain sensitive information but are hard to configure correctly. Here you can find a thorough examination of Google Cloud Platform’s (GCP) storage service, how to access buckets,…

Group-70

EKS Authentication: Part 1

Noga Yam Amitai<
By: Noga Yam Amitai
Feb 16, 2022

EKS Overview Kubernetes Background Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications – in other words, a container orchestration platform. A Kubernetes cluster is built out of a control plane and worker nodes. The control plane manages the worker nodes and pods in the cluster, and the worker nodes are machines that host the pods that are the components…

risky default EMR managed

Why you need to update your risky default EMR managed roles and policies

Dana Tsymberg<
By: Dana Tsymberg
Jan 27, 2022

Amazon EMR is a managed cluster platform that simplifies running big data frameworks such as Apache Hadoop and Apache Spark. EMR’s service allows a cluster to be launched in just a few minutes without the worry of node provisioning, resizing, scaling, or replacing poor functioning instances - EMR does it all for us. In this blog we will examine EMR's default roles and managed policies…

Group-46

AWS SageMaker Jupyter Notebook Instance Takeover

Gafnit Amiga<
By: Gafnit Amiga
Dec 2, 2021

During our research about security in data science tools we decided to look at Amazon SageMaker which is a fully managed machine learning service in AWS. Here is the long and short of our recent discovery. TL; DR We found that an attacker can run any code on a victim’s SageMaker JupyterLab Notebook Instance across accounts. This means that an attacker can access the Notebook Instance metadata…

Group-38

NGINX Custom Snippets CVE-2021-25742

Gafnit Amiga<
By: Gafnit Amiga
Oct 27, 2021

Attackers can gain access to secrets across all namespaces The high severity alert known otherwise as CVE-2021-25742, was recently brought to the public’s attention and has prompted us to believe that it may be worthwhile to do a deeper dive into what this vulnerability really is and what it means for today’s organizations. Let’s jump right in! Here’s the CVE itself: CVE-2021-25742: Ingress-nginx custom snippets allows…

S3-Bucket

S3 Bucket Security Issues Part 2: The Risks of Misconfigured S3 Buckets and What You Can Do About Them

Noga Yam Amitai<
By: Noga Yam Amitai
Jun 2, 2021

In the first part of this series, we provided an overview of AWS cloud storage service – S3. We discussed the three components of an S3 object, the content, the identifier, and the metadata, as well as how to access objects from within a bucket using AWS evaluation, including the risks involved. If you missed part one, you can check it out here. In the second…

bucketimage

What Is S3 Bucket and How to Access It (Part 1)

Noga Yam Amitai<
By: Noga Yam Amitai
May 12, 2021

S3 bucket misconfigurations account for 16% of all cloud security breaches. While some of this can be chalked up to inexperience or human error, that’s not the only problem going on behind the scenes. This two-part series will look in-depth at what is an s3 bucket, how AWS handles access rights and permissions, and a new Panoptica Python tool that will provide some visibility and…