Kubernetes Audit Log “Gotchas”
How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection.
Shay is part of the Threat Research team at Wiz, working on various aspects of container and cloud security with an emphasis on emerging Kubernetes threats. His new interests include code and CI/CD security and supporting WizCode security capabilities. He previously worked at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG), doing applied security research and architecture. Shay holds a Master's degree from the University of Waterloo with a (somewhat unexpected) thesis in runtime verification, is the author of multiple blogs and articles, and has delivered multiple talks at academic and industrial security conferences (Usenix Security, Kubecon and fwd:cloudsec among a few).
Learn about Kubernetes data plane access, including applications running on the cluster, container images, and execution-as-a-service workload types.
Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats.
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation.
KubeCon Europe is the largest open source community conference in Europe with hundreds of talks, many of them about security. All the sessions are available online; in this blog, we’ll discuss our favorites.
NamespaceHound is an open-source tool for detecting the risk of potential namespace crossing violations and anonymous access opportunities in multi-tenant clusters.
We explore how advancements in EKS Access Entries and Pod Identity have opened new attack vectors and offer examples of how adversaries could exploit them.
The Wiz research team unpacks the security implications of the new EKS access and identity management features and recommends best practices when using them.
Today, Wiz published its 2023 Kubernetes Security Report. Here are some key takeaways.
Are your managed Kubernetes clusters safe from the risks posed by middleware components? Learn how to secure your clusters and mitigate middleware risks.
KubeCon Europe is the largest open-source community conference in Europe with hundreds of talks. We picked our favorite Kubernetes security sessions available online.
Pod Security Policies were removed in Kubernetes v1.25. Learn how to migrate from Pod Security Policies to Pod Security Standards.
Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25.