Hi There 👋

I do container security and write bad home automations. Sometimes I write about them here.

Homelab Ingress and ExternalNames

Making Kubernetes handle homelab networking and DNS.

February 21, 2024

Read The Falco Manual

I need to read docs better. This post is to give myself a nice copy-paste for next time I want to do the thing I spent today doing, without reading again.

January 2, 2024

Spinny Remote Controls

A home automation post about remote controls that spin me right round, baby, right round.

August 18, 2023

Kubernetes 1.24 Public Audit

Originally posted by NCC Group at https://research.nccgroup.com/2023/04/17/public-report-kubernetes-1-24-security-audit/ NCC Group was selected to perform a security evaluation of Kubernetes 1.24.0 release in response to Kubernetes SIG Security’s Third-Party Security Audit Request for Proposals. The testing portion of the audit took place in May and June 2022. The global project team performed a security architectural design review that resulted in the identification of findings in terms of secure design of Kubernetes. The team also performed dynamic native application pen tests, including source code and cryptographic review which found vulnerabilities in multiple components....

April 17, 2023

10 Real-World Stories of CI/CD Compromise

Originally posted by NCC Group at https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/ with multiple authors. Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD pipeline? What does this type of attack look like in practice? NCC Group has found many attack paths through different security assessments that could have led to a compromised CI/CD pipeline in enterprises large and small....

January 13, 2023