Kubernetes Incident Response Hunting: Identifying Malicious Traffic at the Node Level

- Posted in Incident Response by
Background: Sometimes, you may encounter situations where no logs are being stored for your Kubernetes pods. In such cases, you still need to investigate potential malicious network activity using [...]

Timeline Analysis for Kubernetes Security: Identifying Supply Chain Compromises Through Threat Hunting

- Posted in Incident Response by
Background: As we continue our journey through action reconstruction in Kubernetes, we have already discussed one of the forensic methods for supply chain attack investigation at the pod level. Now, [...]

Incident Response in Kubernetes: Threat Hunting Techniques for Identifying Supply Chain Attacks

- Posted in Incident Response by
Background: If we are discussing one of the stages of incident response in Kubernetes—specifically log collection and evidence analysis—the approach is different from traditional methods used for [...]

Forensics of Operating System Non-Agentic AI Activity Traces

- Posted in Incident Response by
Background: As we have finished our research on agentic AI solutions, let's deep dive into one of the common non-agentic AI features implemented in the latest Windows OS. The name of this feature is [...]

Forensics of Operating System Agentic AI Activity Traces [Part 2]

- Posted in Hardenings by
Background: In our previous article, we covered the steps to reveal the root cause of an incident that involved the Claude AI agentic desktop. In this article we shall discuss Google Gemini [...]

Forensics of Operating System Agentic AI Activity Traces [Part 1]

- Posted in Incident Response by
Background: During incident response, log analysis stages may involve built-in or installed operating system AI helpers such as Claude, OpenAI, and others. Previously, we discussed traces related to [...]

Static Code Analysis for Incident Root Cause and Evidence Recovery

- Posted in Incident Response by
Background: Sometimes during incident response, specialists need to understand the root cause of the incident as quickly as possible. This understanding helps us mitigate the issue and restore [...]

Safe IDE Extensions: Key Triggers and Chunks to Watch for in Plugin Code

- Posted in Threat Analyze by
Background: Only looking into well-known attack patterns found in Chrome and other browser extensions is not enough. Since we work daily with IDEs, there is another potential attacker [...]

Unlocking Security: SBOM Benefits for Container Investigations

- Posted in Threat Analyze by
Background: During the incident response analysis stage, it is mandatory to answer the question of how the attacker appeared inside the environment. This becomes especially challenging when dealing [...]

Spotting Threats in Autonomous AI: Essential Skills for Agentic Systems

- Posted in Incident Response by
Background: The OpenClaw agentic solution has an interaction feature related to feeding independent developer skills from the specific marketplace. The feature name is 'skills,' which is misleadingly [...]