Mercan_internship_finalpresentation_Akamatsu

mercari
PRO
December 06, 2022
Technology
0
64k

 Mercan_internship_finalpresentation_Akamatsu

mercari
PRO

December 06, 2022
Tweet

More Decks by mercari

See All by mercari
[DevDojo] Problem Solving - 2024
mercari
PRO
1
270
[DevDojo] Ship Code Faster - 2024
mercari
PRO
1
160
[DevDojo] Mercari Design Doc - 2024
mercari
PRO
0
210
[DevDojo] Mercari Quality Assurance - 2024
mercari
PRO
1
170
[DevDojo] Merpay Quality Assurance - 2024 (日本語)
mercari
PRO
1
150
[DevDojo] Merpay Quality Assurance - 2024
mercari
PRO
0
99
[DevDojo] Basic Machine Learning - 2024
mercari
PRO
1
240
[DevDojo] Mercari Mobile Development - 2024
mercari
PRO
0
120
[DevDojo] Mercari Incident Management - 2024
mercari
PRO
0
170

Other Decks in Technology

See All in Technology
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
240
複雑なState管理からの脱却
sansantech
PRO
1
140
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
12k
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
3
200
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
100 名超が参加した日経グループ横断の競技型 AWS 学習イベント「Nikkei Group AWS GameDay」の紹介/mediajaws202411
nikkei_engineer_recruiting
1
170
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
370
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120

Featured

See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Into the Great Unknown - MozCon
thekraken
32
1.5k
Happy Clients
brianwarren
98
6.7k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Making Projects Easy
brettharned
115
5.9k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Building an army of robots
kneath
302
43k

Transcript

  1. 1 Rebuilding the Kubernetes Threat Matrix and Validating Attack Detection

    by Falco Summer Internship 2022 @hi120ki

  2. 2 @hi120ki Hiroki Akamatsu / Security Engineering • Full Name

    : 赤松宏紀 (Hiroki Akamatsu) • GitHub : hi120ki • Twitter : hi120ki • Joining Time : 2022/08/16 • Career : M1 student @Osaka University

  3. 3 What I have done Re-evaluate Sysdig Secure

  4. 4 Sysdig Secure SaaS for Kubernetes Security Attack detection by

    Falco Record container activity Container image scan Kubernetes audit log

  5. 5 How to attack Kubernetes? Before thinking about detection, we

    have to know

  6. 6 How to attack Kubernetes? Microsoft’s Threat Matrix includes all

    of attack techniques to Kubernetes https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/

  7. 7 How to attack Kubernetes? Rebuild the Kubernetes Threat Matrix

  8. 8 Falco Syscall based attack detection OSS Linux Kernel Falco

    probe Process Process syscall syscall Syscall execute open files, network connections, spawn new process, etc Catch and analyze syscall → Detect secret file read, malicious network access, spawn malicious process, etc

  9. 9 Contribute to Falco OSS Validating attack detection by Falco

    with Rebuilded Kubernetes Threat Matrix Add attack detection rules ・Add read environment variable from /proc files - falco#2193 ・Add rule to detect bypass by symlink files - falco#2202 ・Add containerd.sock to sensitive_vol_mount - k8saudit#146 ・Add Launch Excessively Capable Pod into k8saudit rule - k8saudit#147 Fix attack detection rules ・Add GKE default pod into allowlist in Mount Launched rule - falco#2198 ・Fix mount detection in falco_rules.yaml - falco#2199 ・Fix k8saudit rule EphemeralContainers Created - k8saudit#151 Fix ・Add ka.sourceips in k8saudit plugin - k8saudit#143 ・Add userAgent to auditEvent - stackdriver-webhook-bridge#16 Created 9PR to OSS Contribute not only Mercari but Kubernetes Security

  10. 10 Published a blog post! https://engineering.mercari.com/blog/entry/20220928-kubern etes-threat-matrix-and-attack-detection-by-falco/