A Survey of Istio’s Network Security Features

Istio is a service mesh, which, in general, exist as a compliment to container orchestrators (e.g. Kubernetes) in order to provide additional, service-centric features surrounding traffic management, security, and observability. Istio is arguably the most popular service mesh (using GitHub stars as a metric). This blog post assumes working familiarity with Kubernetes and microservices, but … Continue reading A Survey of Istio’s Network Security Features

Conference Talks – March 2020

This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, "Bug Bounty: Why is this happening?" presented at Nullcon Goa (Goa, India - March 3-7 2020) Rob Wood, "[Panel]: CSIS Security Panel Discussion," presented at OCP Global Summit (San Jose, CA - March 4-5 2020) Rory McCune, "[Training]: … Continue reading Conference Talks – March 2020

Deep Dive into Real-World Kubernetes Threats

On Saturday, February 1st, I gave my talk titled “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” at Shmoocon 2020. I’m following up with this post that goes into more details than I could cover in 50 minutes. This will re-iterate the points I attempted to make, walk through the demo, and provide resources for … Continue reading Deep Dive into Real-World Kubernetes Threats

Conference Talks – February 2020

This month, members of NCC Group will be giving the following 6 conference presentations: Mark Manning, "Command and KubeCTL: Real-World Kubernetes Security for Pentesters" presented at Shmoocon (Washington, DC - January 31-February 2 2020)Clint Gibler, "How to 10X Your Company’s Security (Without a Series D)," presented at BSidesSF (San Francisco, CA - February 22-24 2020) Clint Gibler, … Continue reading Conference Talks – February 2020

Tool Release – Enumerating Docker Registries with go-pillage-registries

Containerization solutions are becoming increasingly common throughout the industry due to their vast applications in logically separating and packaging processes to run consistently across environments. Docker represents these processes as images by packaging a base filesystem and initialization instructions for the runtime environment. Developers can use common base images and instruct Docker to execute a … Continue reading Tool Release – Enumerating Docker Registries with go-pillage-registries

Conference Talks – January 2020

This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, "DevSecOps State of the Union v2.0," presented at AppSec Cali (Santa Monica, CA - January 22-24 … Continue reading Conference Talks – January 2020