Mercan_internship_finalpresentation_Akamatsu

mercari
PRO
December 06, 2022
Technology
0
59k

 Mercan_internship_finalpresentation_Akamatsu

mercari
PRO

December 06, 2022
Tweet

More Decks by mercari

See All by mercari
[DevDojo] Problem Solving - 2024
mercari
PRO
1
250
[DevDojo] Ship Code Faster - 2024
mercari
PRO
1
150
[DevDojo] Mercari Design Doc - 2024
mercari
PRO
0
200
[DevDojo] Mercari Quality Assurance - 2024
mercari
PRO
1
160
[DevDojo] Merpay Quality Assurance - 2024 (日本語)
mercari
PRO
1
140
[DevDojo] Merpay Quality Assurance - 2024
mercari
PRO
0
93
[DevDojo] Basic Machine Learning - 2024
mercari
PRO
1
220
[DevDojo] Mercari Mobile Development - 2024
mercari
PRO
0
110
[DevDojo] Mercari Incident Management - 2024
mercari
PRO
0
160

Other Decks in Technology

See All in Technology
生成AIと知識グラフの相互利用に基づく文書解析
koujikozaki
1
130
生成AIとAWS CDKで実現! 自社ブログレビューの効率化
ymae
2
320
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
6
1k
事業者間調整の行間を読む 調整の具体事例
sugiim
0
1.1k
使えそうで使われないCloudHSM
maikamibayashi
0
170
신뢰할 수 있는 AI 검색 엔진을 만들기 위한 Liner의 여정
huffon
0
260
日経電子版におけるリアルタイムレコメンドシステム開発の事例紹介/nikkei-realtime-recommender-system
yng87
1
480
新卒1年目が挑む!生成AI × マルチエージェントで実現する次世代オンボーディング / operation-ai-onboarding
cyberagentdevelopers
PRO
1
160
Amazon_CloudWatch_ログ異常検出_導入ガイド
tsujiba
4
1.5k
フルカイテン株式会社 採用資料
fullkaiten
0
36k
2024-10-30-reInventStandby_StudyGroup_Intro
shinichirokawano
1
610
コンテンツを支える 若手ゲームクリエイターの アートディレクションの事例紹介 / cagamefi-game
cyberagentdevelopers
PRO
1
120

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
296
20k
Code Review Best Practice
trishagee
64
17k
Why Our Code Smells
bkeepers
PRO
334
57k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Speed Design
sergeychernyshev
24
570
Building Your Own Lightsaber
phodgson
102
6k
What's in a price? How to price your products and services
michaelherold
243
12k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.8k
The Power of CSS Pseudo Elements
geoffreycrofte
72
5.3k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k

Transcript

  1. 1 Rebuilding the Kubernetes Threat Matrix and Validating Attack Detection

    by Falco Summer Internship 2022 @hi120ki

  2. 2 @hi120ki Hiroki Akamatsu / Security Engineering • Full Name

    : 赤松宏紀 (Hiroki Akamatsu) • GitHub : hi120ki • Twitter : hi120ki • Joining Time : 2022/08/16 • Career : M1 student @Osaka University

  3. 3 What I have done Re-evaluate Sysdig Secure

  4. 4 Sysdig Secure SaaS for Kubernetes Security Attack detection by

    Falco Record container activity Container image scan Kubernetes audit log

  5. 5 How to attack Kubernetes? Before thinking about detection, we

    have to know

  6. 6 How to attack Kubernetes? Microsoft’s Threat Matrix includes all

    of attack techniques to Kubernetes https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/

  7. 7 How to attack Kubernetes? Rebuild the Kubernetes Threat Matrix

  8. 8 Falco Syscall based attack detection OSS Linux Kernel Falco

    probe Process Process syscall syscall Syscall execute open files, network connections, spawn new process, etc Catch and analyze syscall → Detect secret file read, malicious network access, spawn malicious process, etc

  9. 9 Contribute to Falco OSS Validating attack detection by Falco

    with Rebuilded Kubernetes Threat Matrix Add attack detection rules ・Add read environment variable from /proc files - falco#2193 ・Add rule to detect bypass by symlink files - falco#2202 ・Add containerd.sock to sensitive_vol_mount - k8saudit#146 ・Add Launch Excessively Capable Pod into k8saudit rule - k8saudit#147 Fix attack detection rules ・Add GKE default pod into allowlist in Mount Launched rule - falco#2198 ・Fix mount detection in falco_rules.yaml - falco#2199 ・Fix k8saudit rule EphemeralContainers Created - k8saudit#151 Fix ・Add ka.sourceips in k8saudit plugin - k8saudit#143 ・Add userAgent to auditEvent - stackdriver-webhook-bridge#16 Created 9PR to OSS Contribute not only Mercari but Kubernetes Security

  10. 10 Published a blog post! https://engineering.mercari.com/blog/entry/20220928-kubern etes-threat-matrix-and-attack-detection-by-falco/