Supply Chain Security Python

TL;DR: A new kind of cyber threat has come to light recently: software supply chain attacks. While rare, they have massive impacts, and protecting against them is a rising concern. Because of Python's variety of use cases, there is no single rule you can apply to your Python projects to be safe; as always, it depends on your context. Introduction: In traditional industries, a supply chain is anything that allows a company to deliver a product to the customer. [Read More]

How to write a TCP scanner in Go

In the toolbox of any pen tester, there is an app that allows them to detect open ports on a given server. Thanks to such an app, they can list all network entry points available on the system. These entry points can be open doors for attackers and this is why they need to identify them early in the process. The most famous TCP port scanner is a tool called nmap. [Read More]

K8s security - part 0 - Security Model

Prerequisite: You already know Kubernetes architecture and its components, and have notions of cybersecurity. Abstract: In this introduction to a series devoted to Kubernetes security, we will first see that Kubernetes, although very popular and used by thousands of companies, is very hard to completely protect from attacks, especially if you create and operate your own cluster. Vulnerabilities have been discovered in the past and have sometimes been exploited by attackers. We will explore what makes Kubernetes hard to secure by default and propose a model that represents the layers that need to be secured. [Read More]