awesome-cloud-native-security
awesome resources about cloud native security 🐿
https://github.com/Metarget/awesome-cloud-native-security
Last synced: 7 days ago
JSON representation
-
1 Offensive
-
1.2 Kubernetes
- 逃逸风云再起:从CVE-2017-1002101到CVE-2021-25741 (2021-10-12)
- 浅谈云上攻防——CVE-2020-8562漏洞为k8s带来的安全挑战 (2021-10-25)
- 【技术推荐】云原生之Kubernetes安全 (2021-12-18)
- 逃逸风云再起:从CVE-2017-1002101到CVE-2021-25741 (2021-10-12)
- 浅谈云上攻防——CVE-2020-8562漏洞为k8s带来的安全挑战 (2021-10-25)
- 【技术推荐】云原生之Kubernetes安全 (2021-12-18)
- 逃逸风云再起:从CVE-2017-1002101到CVE-2021-25741 (2021-10-12)
- 浅谈云上攻防——CVE-2020-8562漏洞为k8s带来的安全挑战 (2021-10-25)
-
1.3 Container
- Abusing Privileged and Unprivileged Linux Containers (2016-06-01)
- Bypassing Docker Authz Plugin and Using Docker-Containerd for Privesc (2019-07-11)
- A Methodology for Penetration Testing Docker Systems (Bachelor Theses, 2020-01-17)
- 针对容器的渗透测试方法 (2020-04-17)
- 里应外合:借容器root提权 (2020-12-03)
- CVE-2021-21287: 容器与云的碰撞——一次对MinIO的测试 (2021-01-30)
- New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291) (2021-04-14)
- Container escape through open_by_handle_at (shocker exploit) (2014-06-18)
- Docker breakout exploit analysis (2014-06-19)
- Docker 容器逃逸案例分析 (2016-07-19)
- Dirty COW - (CVE-2016-5195) - Docker Container Escape (2017-09)
- Escaping Docker container using waitid() – CVE-2017-5123 (2017-12-27)
- Escaping Docker container using waitid() - CVE-2017-5123 (Video)
- A Compendium of Container Escapes (Black Hat 2019)
- In-and-out - Security of Copying to and from Live Containers (Open Source Summit 2019)
- CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host (2019-02-13)
- Escaping a Broken Container - 'namespaces' from 35C3 CTF (2019-04-15)
- 容器逃逸成真:从CTF到CVE-2019-5736 (2019-11-20)
- Felix Wilhelm's Twitter on the Escape Technique utilizing release_agent (2019-07-17)
- Understanding Docker container escapes (2019-07-19)
- Kubernetes Pod Escape Using Log Mounts (2019-08-01)
- Kubelet follows symlinks as root in /var/log from the /logs server endpoint (debate on hackerone, 2021-04-02)
- Original Tweet on CVE-2019-16884 (2019-09-22)
- CVE-2019-19921: Volume mount race condition with shared mounts (2020-01-01)
- PoC: runc-masked-race.sh
- PATCH RFC 1/1 mount: universally disallow mounting over symlinks (2019-12-30)
- 容器逃逸技术概览 (2020-02-21)
- Escaping Virtualized Containers (Black Hat 2020)
- Kata Containers逃逸研究 (2020-09-25)
- Security advisory for four vulnerabilities in Kata Containers (2020-12-04)
- CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel (2020-10-09)
- Containing a Real Vulnerability (2020-09-18)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 容器逃逸CVE-2020-15257 containerd-shim Exploit开发 (2020-12-14)
- The Strange Case of How We Escaped the Docker Default Container (CVE-2020-27352, 2021-03-04)
- runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465, 2021-05-30)
- RunC TOCTOU逃逸CVE-2021-30465分析 (2021-08-18)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555: Turning \x00\x00 into 10000$ (2021-07-07)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- With Friends like eBPF, who needs enemies? (Defcon 29)
- Container Escape in 2021 (HITB 2021)
- Container Escape in 2021 (KCon 2021)
- Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances (2021-09-09)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784, 2021-12-06)
- Issue 2241: runc/libcontainer: insecure handling of bind mount sources
- Podman Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2023-0778)
- Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
- Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (CCS 2019)
- Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (Video)
- Docker组件间标准输入输出复制的DoS攻击分析 (网络信息安全学报 2020)
- Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (CCS 2019)
- 针对容器的渗透测试方法 (2020-04-17)
- Privileged Container Escape - Control Groups release_agent (2020-11-19)
- PoC: Shocker by gabrtv
- ExP: CVE-2016-5195 by scumjr
- ExP: CVE-2019-5736 by Frichetten
- PoC: kube-pod-escape
- 针对容器的渗透测试方法 (2020-04-17)
- Escaping a Broken Container - 'namespaces' from 35C3 CTF (2019-04-15)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465, 2021-05-30)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- Docker组件间标准输入输出复制的DoS攻击分析 (网络信息安全学报 2020)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- host模式容器逃逸漏洞(CVE-2020-15257)技术分析 (2020-12-02)
- ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again (2020-12-10)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- An Exercise in Practical Container Escapology (2019-03-07)
- Kata Containers逃逸研究 (2020-09-25)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
- 针对容器的渗透测试方法 (2020-04-17)
- Kata Containers逃逸研究 (2020-09-25)
- 利用Linux内核漏洞实现Docker逃逸 (2021-06-11)
- 【安全干货】Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555:Linux 内核提权导致 Docker 逃逸 (2021-07-23)
- 云原生安全攻防|使用eBPF逃逸容器技术分析与实践 (2021-11-03)
-
1.4 Serverless
- Hacking Serverless Runtimes (Black Hat 2017)
- Hacking Serverless Runtimes (Whitepaper)
- Serverless Toolkit for Pentesters (2018-11-11)
- Serverless Red Team Infrastructure: Part 1, Web Bugs (2018-09)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- How We Escaped Docker in Azure Functions (2021-01-27)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- RT又玩新套路,竟然这样隐藏C2 (2021-04-21)
- CDN+FaaS打造攻击前置 (2021-08-11)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
- 针对AWS Lambda的运行时攻击 (2020-12-02)
-
1.6 Service Mesh
-
Sub Categories
Keywords
kubernetes
8
security
7
containers
4
container-security
4
cloud-native
3
kubernetes-security
3
penetration-testing-tools
2
vulnerabilities
2
docker
2
cloud-native-security
2
agent
1
rasp
1
linux-security
1
hids
1
edr
1
cwpp
1
rbac
1
conjbot
1
authorization
1
openshift
1
penetration
1
kube-bench
1
cis-security
1
cis-kubernetes-benchmark
1
cis-benchmark
1
privilege-escalation
1
runtime-security
1
checklist
1
devsecops
1
falco
1
ebpf
1
requirments
1
cncf-project
1
cncf
1
kubelet
1
hacktools
1
exploits
1
container-escape
1
container
1
hitb
1
blackhat
1
tool
1
pentest
1
image-security
1
k8s
1
containerd
1
k8s-penetration-toolkit
1
cloud-security
1
kernel-exploitation
1
kubernetes-clusters
1