A quick k8s environment setup
Introduction If you intend to thwart any attacks against your cloud environment, awareness and knowledge of the current and emerging threat landscape, attack vectors and attack paths are vital. Attackers generally start at poking at the externally hosted assets, they enumerate for its services, any domains, and sub-domains the company have, any web apps hosted on these domains, any mobile apps and sensitive information they leak, which hosting / cloud provider the apps are hosted on, does the company use any public Git repositories, the technology stack of the apps, and its supply chain. These knowledge gathering tasks we collectively call Open-Source Intelligence (OSINT) Gathering techniques. Attackers do not leave a stone unturned, after all they have all the time in their hands. Therefore, it becomes paramount for us cyber security folks to ensure we are top of the latest threats and exploits, this blog series is an attempt to present a catalogue of various cloud-based attacks