You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.
Kubernetes allows decoupling complex logic such as policy decisions from the inner workings of the API server by means of "admission controllers". Admission control is custom logic executed by a webhook. Kubernetes policy controller is a mutating and a validating webhook which gets called for matching Kubernetes API server requests by the admission controller. It uses Open Policy Agent (OPA), a policy engine for cloud-native environments hosted by CNCF as a sandbox-level project.
kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient.
kube-hunter is an open-source tool that hunts for security issues in your Kubernetes clusters. It’s designed to increase awareness and visibility of the security controls in Kubernetes environments.
openshift-clair-controller - Openshift Controller for Clair
Introduction: Kubernetes introduced NetworkPolicies in 1.6 and in OpenShift this feature was made GA in 3.7. Microsegmentation is the idea of protecting each host with host-specific firewall rules. In this blog post, we will examine approaches for using NetworkPolicies to implement microsegmentation. NetworkPolicy SDN: OpenShift installation requires you to choose the SDN implementation that is …
gitleaks - Searches full repo history for secrets and keys 🔑
A bit of security blog, by Alexander Korznikov. Security, python, bash, penetration testing experiments.
audit2rbac takes a Kubernetes audit log and username as input, and generates RBAC role and binding objects that cover all the API requests made by that user.
collector - A framework for Static Analysis of Docker container images
The magma server daemon is an encrypted email system with support for SMTP, POP, IMAP, HTTP and MOLTEN. Additional support for DMTP and DMAP is currently in active development.
cylon - Updates, maintenance, backups and system checks in a menu driven bash shell script for an Arch based Linux distro
Rebex SSH Check is a testing tool for SSH servers accessible over the internet. The report contains an overview of the server's SSH configuration as well as security recommendations. The service is free.
goldfish - A HashiCorp Vault UI panel written with VueJS and Vault native Go API
securelogin - SecureLogin Client Implementation for Web, Desktop (with Electron) and Mobile (with Cordova)
modern-secrets-management - This repository features the code used in the Modern Secrets Management with Vault talk
checker-services - List of links to the various checkers out there on the web for sites, domains, security etc.