Container Security Checklist:
From the image to the workload
چک لیست امن سازی کانتینرها
🔹 https://github.com/krol3/container-security-checklist
#DevSecOps #Github
کانال آموزش کامپیوتر
@Engineer_Computer
From the image to the workload
چک لیست امن سازی کانتینرها
🔹 https://github.com/krol3/container-security-checklist
#DevSecOps #Github
کانال آموزش کامپیوتر
@Engineer_Computer
GitHub
GitHub - krol3/container-security-checklist: Checklist for container security - devsecops practices
Checklist for container security - devsecops practices - krol3/container-security-checklist
⭕️ RADAR: How DevSecOps is Revolutionizing Security at Snapp
در این مقاله یکی از AppSec Engineer های Snapp به بررسی جزئیات DevSecOps توی اسنپ پرداخته.
به طور خیلی خلاصه فریمورک رادار اسنپ که ترکیب Security Testing در CI/CD هست شامل ابزار های زیر میشه:
1. SAST: semgrep
2. SCA, SBOM: Grype, Syft
3. Secret Detection: Gitleaks
4. IaC: KICS
5. Container Scanning: Trivy
6. DAST: ZAP
7. Vulnerability Management: DefectDojo, OWASP Dependency-Track
مقاله:
https://medium.com/@mohammadkamrani7/radar-how-devsecops-is-revolutionizing-security-at-snapp-5f496fd08e79
#DevSecOps #AppSec #DAST #SAST
@Engineer_Computer
در این مقاله یکی از AppSec Engineer های Snapp به بررسی جزئیات DevSecOps توی اسنپ پرداخته.
به طور خیلی خلاصه فریمورک رادار اسنپ که ترکیب Security Testing در CI/CD هست شامل ابزار های زیر میشه:
1. SAST: semgrep
2. SCA, SBOM: Grype, Syft
3. Secret Detection: Gitleaks
4. IaC: KICS
5. Container Scanning: Trivy
6. DAST: ZAP
7. Vulnerability Management: DefectDojo, OWASP Dependency-Track
مقاله:
https://medium.com/@mohammadkamrani7/radar-how-devsecops-is-revolutionizing-security-at-snapp-5f496fd08e79
#DevSecOps #AppSec #DAST #SAST
@Engineer_Computer
👍1
⭕️Red team: Journey from RCE to have total control of Cloud Infrastructure
۱. ابتدا محقق با کشف یک RCE در وب اپ به docker container دسترسی گرفته
۲. سپس متوجه شده که در محیط restrict قرار داره و فقط microdnf نصب هست
۳. محقق متوجه میشه که به subnet های دیگه درون شبکه از طریق container دسترسی داره و از این طریق ip یه gitlab instance رو پیدا میکنه
۴. و بعد متوجه میشه که این instance به CVE-2021-22205 آسیب پذیر هست
۵. بعدش از طریق این CVE به Gitlab و دیتابیس اون دسترسی میگیره و بعد از طریق دسترسی admin استفاده میکنه تا یدونه ریپازیتوری و CI/CD pipeline بسازه برای pivot به Gitlab worker instance
۶. و در Gitlab worker node تونسته تعداد زیادی secret و API KEY و ... و همچنین kubeconfig فایل رو پیدا کنه
برای جزيیات بیشتر مقاله زیر رو بخونید
https://mr-r3bot.github.io/red/team/2023/05/22/From-RCE-to-owning-entire-cloud-infrastructure.html
#RedTeam #RCE #Pivot #DevSecOps
@Engineer_Computer
۱. ابتدا محقق با کشف یک RCE در وب اپ به docker container دسترسی گرفته
۲. سپس متوجه شده که در محیط restrict قرار داره و فقط microdnf نصب هست
۳. محقق متوجه میشه که به subnet های دیگه درون شبکه از طریق container دسترسی داره و از این طریق ip یه gitlab instance رو پیدا میکنه
۴. و بعد متوجه میشه که این instance به CVE-2021-22205 آسیب پذیر هست
۵. بعدش از طریق این CVE به Gitlab و دیتابیس اون دسترسی میگیره و بعد از طریق دسترسی admin استفاده میکنه تا یدونه ریپازیتوری و CI/CD pipeline بسازه برای pivot به Gitlab worker instance
۶. و در Gitlab worker node تونسته تعداد زیادی secret و API KEY و ... و همچنین kubeconfig فایل رو پیدا کنه
برای جزيیات بیشتر مقاله زیر رو بخونید
https://mr-r3bot.github.io/red/team/2023/05/22/From-RCE-to-owning-entire-cloud-infrastructure.html
#RedTeam #RCE #Pivot #DevSecOps
@Engineer_Computer
Quang Vo
Red team: Journey from RCE to have total control of cloud infrastructure
Journey from gaining RCE in a container to Cluster Admin and have completely control of company’s cloud infrastructure
👍1
DevSecOps Engineer
DC-Washington, ECS is seeking a DevSecOps Engineer to work in our Washington, DC office. Job Description: ECS is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a DevSecOps Engineer Team Lead to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Gove
https://jobview.monster.com/DevSecOps-Engineer-Job-Washington-DC-US-262741778.aspx
#US #DevSecOps Engineer
@Engineer_Computer
DC-Washington, ECS is seeking a DevSecOps Engineer to work in our Washington, DC office. Job Description: ECS is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a DevSecOps Engineer Team Lead to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Gove
https://jobview.monster.com/DevSecOps-Engineer-Job-Washington-DC-US-262741778.aspx
#US #DevSecOps Engineer
@Engineer_Computer
❤1
🛡 Wazuh Mastery Pack · 02 of 15 — CLI Commands
The Wazuh GUI is great. The CLI is where you actually solve problems at 2am.
This cheat sheet is the muscle memory I wish I'd had on day one — service control, agent management, live log testing with wazuh-logtest, cluster operations, and the file paths you'll touch a thousand times.
Three commands every Wazuh operator should burn into memory:
🔹 /var/ossec/bin/wazuh-control configtest
→ validates ossec.conf BEFORE you restart in production. Has saved me from at least three outages.
🔹 /var/ossec/bin/wazuh-logtest
→ paste a raw log line, see exactly which decoder and which rule fires (or doesn't). Single best tool for tuning custom rules.
🔹 /var/ossec/bin/agent_control -l
→ shows every agent and its connection status. Faster than the dashboard when you just need a quick health check.
If you operate Wazuh and aren't using these, you're doing it the hard way.
#Wazuh #SIEM #SOC #BlueTeam #DevSecOps #CLI #InfoSec
📱 Channel : @Engineer_Computer
The Wazuh GUI is great. The CLI is where you actually solve problems at 2am.
This cheat sheet is the muscle memory I wish I'd had on day one — service control, agent management, live log testing with wazuh-logtest, cluster operations, and the file paths you'll touch a thousand times.
Three commands every Wazuh operator should burn into memory:
🔹 /var/ossec/bin/wazuh-control configtest
→ validates ossec.conf BEFORE you restart in production. Has saved me from at least three outages.
🔹 /var/ossec/bin/wazuh-logtest
→ paste a raw log line, see exactly which decoder and which rule fires (or doesn't). Single best tool for tuning custom rules.
🔹 /var/ossec/bin/agent_control -l
→ shows every agent and its connection status. Faster than the dashboard when you just need a quick health check.
If you operate Wazuh and aren't using these, you're doing it the hard way.
#Wazuh #SIEM #SOC #BlueTeam #DevSecOps #CLI #InfoSec
📱 Channel : @Engineer_Computer
❤2
🛡 Wazuh Mastery Pack · 05 of 15 — Wazuh API Anything you can do in the Wazuh dashboard, you can automate via the REST API on port 55000. This cheat sheet is the muscle: token auth, the endpoints I hit weekly, filtering and pagination, and curl one-liners you can drop into a Bash script today. Three workflows the API unlocks:
🔹 Mass-restart agents after a rule change → PUT /agents/restart (no more clicking through 200 hosts)
🔹 Auto-decommission stale agents → GET /agents?lastKeepAlive&status=disconnected → DELETE the list
🔹 Pipe rule and SCA data into your own dashboards → no need to touch OpenSearch directly Tokens expire in 15 minutes by default. Re-auth in your script, don't hardcode them.
#Wazuh #API #SIEM #Automation #SOC #DevSecOps #InfoSec
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
🔹 Mass-restart agents after a rule change → PUT /agents/restart (no more clicking through 200 hosts)
🔹 Auto-decommission stale agents → GET /agents?lastKeepAlive&status=disconnected → DELETE the list
🔹 Pipe rule and SCA data into your own dashboards → no need to touch OpenSearch directly Tokens expire in 15 minutes by default. Re-auth in your script, don't hardcode them.
#Wazuh #API #SIEM #Automation #SOC #DevSecOps #InfoSec
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
❤1