Common Expressions Language (CEL) is now used in Kubernetes as a policy language. We choose the same when we were deciding on policy engine for vet. Even though conventional wisdom during the time was leaning towards OPA

cc: Madhu Akula

github.com/safedep/vet

macOS Containers (native, not linux) macoscontainers.org

Very cool !

So nice! kube-api.ninja offers a visual timeline of the availability of the #Kubernetes core APIs across releases.

Kelsey Hightower CycloneDX SBOM Spec (OWASP) supports HBOM today. Many large defense contractors already using it.

cyclonedx.org/capabilities/h…

With the spec, you can tie together SBOM and HBOM, into an Operational BOM (OBOM) to give a holistic view of all components and configurations at runtime.

It's that time of the year again - time to block off a weekend or two and watch videos from #defcon31 on #YouTube !

youtube.com/channel/UC6Om9…

We've got all the main stage talks, a bunch of Village Stage talks, War Stories and the Policy series, all waiting to entertain and…

Had a blast teaching 3 amazing #Kubernetes Hacking trainings at Black Hat & DEF CON in Las Vegas this year 🥳

Lots of cool hacking, learning, knowledge sharing, and networking. I'm excited for 2024 🙌

#DEFCON #BlackHat #BHUSA #Hacking #Security #Infosec #CloudNative

Back again in Vegas! With my popular 'A Practical Approach to Breaking & Pwning #Kubernetes Clusters' training Black Hat DEF CON. Catch me if you are around and say hi 👋

#BHUSA #DEFCON #Hacking #Security #CloudNative

🚨 BREAKING: Wiz Research discovered #GameOverlay — two local privilege escalation vulnerabilities in Ubuntu, affecting 40% of Ubuntu Linux workloads in the cloud 👀

a TL;DR thread 🧵

Analyzing the Identity and Behavior of Certificate Transparency Bots.

Bots mining certificate transparency logs - seconds to minutes. Secure your servers before getting that first cert.

Example of attackers exploiting defensive infra.

usenix.org/system/files/s…

I will be back Black Hat with my popular 'A Practical Approach to Breaking & Pwning #Kubernetes Clusters' Training 🚀
blackhat.com/us-23/training…
#InfoSec #BlackHat #Hacking #Pentest #Security #BlackHat USA #training #CloudNative #Containers #RedTeam #BlueTeam #Docker #DevSecOps

. Marco Lancini puts lot of efforts into sharing the curated amazing content. Please share your thoughts and suggestions 😊

Super excited to announce the rebrand of WeFuzz. 🤩🤩

We are now Yōkai. 👺

Check out more deets below:

📢 Our work on abusing/hardening the #Linux BPF interpreter for/against kernel exploitation has been accepted at the 2023 USENIX Association Annual Technical Conference (USENIX ATC)! Joint work with Di Jin and Vaggelis Atlidakis | cs.brown.edu/~vpk/papers/ep… | #epf #cbpf #ebpf #bpf #atc23 #brownssl

Abhisek Datta on 'Building Security Guardrails for safe OSS supply chain'

Miss you Madhu Akula 🙌🏽

#bsidesBangalore

🚨 'A Practical Approach to Breaking & Pwning Kubernetes Clusters' training in #BHUSA . Learn to perform #Kubernetes , Cloud Native #Security , #Pentesting , Assessments, & Architecture reviews 🚀

Register before early bird pricing ends blackhat.com/us-23/training…

#Hacking #RedTeam

🚨 'A Practical Approach to Breaking & Pwning Kubernetes Clusters' training in #BHUSA . Learn to perform #Kubernetes , Cloud Native #Security , #Pentesting , Assessments, & Architecture reviews 🚀

Register before early bird pricing ends blackhat.com/us-23/training…

#Hacking #RedTeam

Today is the last day to register for sold out training of “A practical approach to breaking & pwning Kubernetes clusters”

Black Hat #BHUSA 🔥

Podcast Release Alert!

Join Madhu Akula on his Infosec Journey 🚀

📣 Spread the Word!

Episode links 😀

Spotify – lnkd.in/gjQRC6qu

Apple - lnkd.in/gaheQV4u

Google - lnkd.in/gxSBaFNt

Happy listening!

#infosec #cyberscurity #bugbounty #security

Excited for this episode to share with the community 🙌

This is awesome work by Rory McCune 🙌