Kubernetes Forensics: Secret Rotation from Ruin to Recovery

- Posted in Incident Response by
Background: In this section, we will discuss specific actions during evidence collection, log analysis, and recovery for situations where it is necessary to determine if unencrypted secrets or [...]

Shadow Workloads: How to Find and Monitor Unchecked Static Pods on Your Nodes

- Posted in Incident Response by
Background: During incident response activities at the cluster level, we should not focus solely on pods created via kubectl that are managed by the Kubernetes control plane (kubelet and etcd). It is [...]

Kubernetes Incident Response Hunting: Identifying Anomalies in etcd During a Rapid Response Situation

- Posted in Incident Response by
Background: During incident response activities in Kubernetes, we need to ensure that artifacts have not been altered. One of the best places to hunt for artifacts is etcd, where Kubernetes stores [...]

Kubernetes Incident Response Hunting: Identifying Malicious Traffic at the Node Level

- Posted in Incident Response by
Background: Sometimes, you may encounter situations where no logs are being stored for your Kubernetes pods. In such cases, you still need to investigate potential malicious network activity using [...]

Timeline Analysis for Kubernetes Security: Identifying Supply Chain Compromises Through Threat Hunting

- Posted in Incident Response by
Background: As we continue our journey through action reconstruction in Kubernetes, we have already discussed one of the forensic methods for supply chain attack investigation at the pod level. Now, [...]

Incident Response in Kubernetes: Threat Hunting Techniques for Identifying Supply Chain Attacks

- Posted in Incident Response by
Background: If we are discussing one of the stages of incident response in Kubernetes—specifically log collection and evidence analysis—the approach is different from traditional methods used for [...]

Navigating Incident Response When Logs Are Missing

- Posted in Incident Response by
Background: In incident response log collection, you might encounter situations where EDR/XDR solutions or log collectors are not present on a machine. Additionally, some syslogs might be missing. [...]