Hi!

The article is available on MISC magazine website. Note that this article is available behind a paywall, and in French. This article is an introduction to Tetragon, the project I’m working on at Isovalent.

This guide was originally published in the Tetragon documentation. It was first part of the getting started guides, but was later replaced and move to the tutorials section, that was later removed. Since we don’t want to maintain this guide anymore, it would have a good end of life on a blog if it can be useful to some people. Note that this guide is not a tutorial on how to deploy Tetragon standalone (i....

The article is available on Quarkslab’s blog. It explains the discovery of Microsoft OMI and how I fuzzed it to discover some crashes. It then details the finding and how they work.

The article is available on Quarkslab’s blog. The corresponding article on Falco blog is also available. It presents the findings of our audit of Falco. You can find the complete audit report here.

The article is available on MISC magazine website. Note that this article is available behind a paywall, and in French. In this article, we focus on what’s new in Kubernetes security enhancements on versions still being maintained at the time of writing: 1.22, 1.23 and 1.24 released in August 2021, December 2021 and May 2022 respectively.

The article was originally published on kubernetes.io blog. The PodSecurityPolicy (PSP) admission controller has been removed, as of Kubernetes v1.25. Its deprecation was announced and detailed in the blog post PodSecurityPolicy Deprecation: Past, Present, and Future, published for the Kubernetes v1.21 release. This article aims to provide historical context on the birth and evolution of PSP, explain why the feature never made it to stable, and show why it was removed and replaced by Pod Security admission control....

During the last three months, I had the opportunity to go to multiple events. First, a proposal I submitted to Black Hat Asia Arsenal was accepted to present kdigger, a Kubernetes security tool. Then I had the chance to go to the KubeCon Europe to meet the people with whom I interacted in the project. And finally, I got the last few tickets for a kernel developer conference in Paris, Kernel Recipes....

The article is available on Quarkslab’s blog. It traces the history of three Kubernetes-related vulnerabilities. Explaining what they are, how they were patched, and how they are related. The exploitation of these vulnerabilities allowed access to the underlying host filesystem for users that were not properly authorized.

The article is available on Quarkslab’s blog. It’s an introduction to Kubernetes security through the release of a new context discovery tool, kdigger, and its mini CTF companion, minik8s-ctf.

This project was done for between the end of my last TLS-SEC semester and the beginning of my final year internship. We were in pairs and had to choose our subject. We chose to work on code injection in video game via the game commands themselves. Abstract During this project, we tried to answer the question: "can you inject code and take control of the execution of a video game just by using its gameplay elements?...