| | aws-security-survival-kit | osquery-defense-kit |
|---|---|---|
| Mentions | 3 | 2 |
| Stars | 438 | 496 |
| Growth | 1.1% | 0.6% |
| Activity | 6.0 | 8.7 |
| Latest commit | about 1 month ago | 8 days ago |
| Primary language | Makefile | Makefile |
| License | GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-security-survival-kit
Incident 2 – Additional details of the attack
This actually makes me feel better (overall) about Lastpass! as a company. That they can go into some detail shows confidence and an openness that I didn't previously experience. That said, their admission that they have lots of old credentials lying around is not good. Most of the things they changed have been pretty standard AWS recommendations for years now.
Side note, as a DevOps engineer this article does give me some additional pause in my everyday work. I try very hard to keep "work" relegated to my work computer and "home" stuff relegated to my home computer(s). However, sometimes the two do meet; generally when testing something. The upside is that I'm going to (try to) be a bit more careful in the future. I'm also going to install some additional AWS checks/balances on my accounts[0], just to make sure.
[0] https://github.com/zoph-io/aws-security-survival-kit
- aws-security-survival-kit
- AWS Security Survival Kit: Bare-minimum security alerting
osquery-defense-kit
Google ads malvertising is targeting open source software
We had a close call with malvertising ourselves, so we wrote an osquery query to alert on .dmg/.iso/.pkg downloads from unknown sources:
https://github.com/chainguard-dev/osquery-defense-kit/blob/m...
This query should not be your only line of defense, but it can provide an early heads-up before the package is opened. You can deploy this query with Kolide, as it uses osquery under the hood.
It was once possible to have a query like this that worked on Linux using the user.xdg.origin.url extended file attribute, but Chromium dropped support for it in 2019 for privacy reasons: https://chromium.googlesource.com/chromium/src/+/a9b4fb70b43...
- osquery-defense-kit: Production-ready detection & response queries for osquery
What are some alternatives?
- matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
- windows_hardening - HardeningKitty and Windows Hardening settings and configurations
- k8s-deployment - Reconmap Kubernetes deployment files
- HardeningKitty - HardeningKitty - Checks and hardens your Windows configuration
- helmfiles - Comprehensive Distribution of Helmfiles for Kubernetes
- device_google_taimen - Pixel 2 XL device sources not shared with the Pixel 2.
- platform_external_vanadium - Vanadium integration for GrapheneOS. See https://github.com/GrapheneOS/Vanadium for the Vanadium build configuration and patches.
- howtheysre - A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
- chromium - The official GitHub mirror of the Chromium source