Mercan_internship_finalpresentation_Akamatsu

mercari
December 06, 2022

Transcript

  1. 2 @hi120ki Hiroki Akamatsu / Security Engineering
     • Full Name: 赤松宏紀 (Hiroki Akamatsu)
     • GitHub: hi120ki
     • Twitter: hi120ki
     • Joining Time: 2022/08/16
     • Career: M1 student @Osaka University
  2. 4 Sysdig Secure: SaaS for Kubernetes Security
     • Attack detection by Falco
     • Record container activity
     • Container image scan
     • Kubernetes audit log
  3. 6 How to attack Kubernetes?
     Microsoft's Threat Matrix includes all attack techniques against Kubernetes
     https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/
  4. 8 Falco: Syscall-based attack detection OSS
     (Diagram labels: Linux Kernel, Falco probe, Process, syscall)
     Syscalls execute: open files, network connections, spawn new process, etc.
     Catch and analyze syscalls → Detect secret file read, malicious network access, spawn of malicious process, etc.
  5. 9 Contribute to Falco OSS
     Validating attack detection by Falco with the rebuilt Kubernetes Threat Matrix
     Add attack detection rules
     ・Add read environment variable from /proc files - falco#2193
     ・Add rule to detect bypass by symlink files - falco#2202
     ・Add containerd.sock to sensitive_vol_mount - k8saudit#146
     ・Add Launch Excessively Capable Pod into k8saudit rule - k8saudit#147
     Fix attack detection rules
     ・Add GKE default pod into allowlist in Mount Launched rule - falco#2198
     ・Fix mount detection in falco_rules.yaml - falco#2199
     ・Fix k8saudit rule EphemeralContainers Created - k8saudit#151
     Fix
     ・Add ka.sourceips in k8saudit plugin - k8saudit#143
     ・Add userAgent to auditEvent - stackdriver-webhook-bridge#16
     Created 9 PRs to OSS
     Contributed not only to Mercari but also to Kubernetes security
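
As an added illustration of slides 8 and 9 (not code from the deck or from Falco), the Python below evaluates rule conditions over constructed syscall events, covering the topics of two of the listed PRs: reading `/proc/*/environ` inside a container and symlinks pointing at sensitive files. The event fields, rule names and sensitive-file list are assumptions made for this example.

```python
from fnmatch import fnmatch

# Assumed sample list of sensitive files; a real rule set maintains its own.
SENSITIVE = ("/etc/shadow", "/etc/sudoers")

def is_open_read(e):
    """True for an open/openat event that requests read access."""
    return e["syscall"] in ("open", "openat") and "r" in e.get("mode", "")

# (rule name, condition over one syscall event). Hypothetical names and
# simplified conditions, not Falco's rule syntax.
RULES = [
    ("read_proc_environ",
     lambda e: is_open_read(e) and e["container"]
     and fnmatch(e["path"], "/proc/*/environ")),
    ("read_sensitive_file",
     lambda e: is_open_read(e) and e["path"] in SENSITIVE),
    ("symlink_to_sensitive_file",
     lambda e: e["syscall"] in ("symlink", "symlinkat")
     and e["target"] in SENSITIVE),
]

def detect(events):
    """Return a (rule name, process name) pair for every rule match."""
    return [(name, e["proc"])
            for e in events
            for name, cond in RULES if cond(e)]

# Constructed sample events, not captured from a real system. "path" is the
# path as passed to the syscall (an assumption of this example).
EVENTS = [
    {"syscall": "openat", "proc": "cat", "container": True,
     "path": "/proc/1/environ", "mode": "r"},
    {"syscall": "openat", "proc": "nginx", "container": True,
     "path": "/var/log/nginx/access.log", "mode": "w"},
    {"syscall": "symlinkat", "proc": "ln", "container": True,
     "path": "/tmp/s", "target": "/etc/shadow"},
    # Read through the symlink: the path-based read rule does not match,
    # which is why the symlink creation above needs its own rule.
    {"syscall": "openat", "proc": "cat", "container": True,
     "path": "/tmp/s", "mode": "r"},
    {"syscall": "connect", "proc": "curl", "container": True, "path": ""},
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```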