- @hashicorp and @srcmtd
- United States
- sourcesmethods.com
- @mattreduce.com
- @mattreduce@mastodon.social
container-security
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.
A curated list of awesome Kubernetes security resources
Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container
Moved to https://github.com/aquasecurity/trivy-operator
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
A tool for exploring each layer in a docker image
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Checklist for container security - devsecops practices
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground
A tool to help forensicate offline docker acquisitions
Slides and code samples for training, tutorials, and workshops about Docker, containers, and Kubernetes.
A Microservices-based framework for the study of Network Security and Penetration Test techniques
Low-level unprivileged sandboxing tool used by Flatpak and similar projects
Hardening a sketchy containerized application one step at a time
Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.
A best practices checker for Kubernetes clusters.
A tool to perform Kerberos pre-auth bruteforcing
A command-line tool to perform Local Health Check Probes inside Container Images (ECS, Docker)
A curated list of resources about detecting threats and defending Kubernetes systems.
All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.
Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).