Kubernetes Incident Response Hunting: Identifying Anomalies in etcd During a Rapid Response Situation

- Posted in Incident Response by
Background: During incident response activities in Kubernetes, we need to ensure that artifacts have not been altered. One of the best places to hunt for artifacts is etcd, where Kubernetes stores [...] Read more

Kubernetes Incident Response Hunting: Identifying Malicious Traffic at the Node Level

- Posted in Incident Response by
Background: Sometimes, you may encounter situations where no logs are being stored for your Kubernetes pods. In such cases, you still need to investigate potential malicious network activity using [...] Read more

Timeline Analysis for Kubernetes Security: Identifying Supply Chain Compromises Through Threat Hunting

- Posted in Incident Response by
Background: As we continue our journey through action reconstruction in Kubernetes, we have already discussed one of the forensic methods for supply chain attack investigation at the pod level. Now, [...] Read more

Incident Response in Kubernetes: Threat Hunting Techniques for Identifying Supply Chain Attacks

- Posted in Incident Response by
Background: If we are discussing one of the stages of incident response in Kubernetes—specifically log collection and evidence analysis—the approach is different from traditional methods used for [...] Read more

Risky NPM Package (Agentic AI assistant)

- Posted in Incident Response by
Background: As the saga of AI and agentic clients continues, organizations can be put at risk since threat actors may target such solutions. This has prompted an effort to understand what is [...] Read more

Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews

- Posted in Hardenings by
Background: While reading an article about how threat actors abuse legitimate VS Code functionality to run malicious code on a target machine when a project is opened by the victim, I concluded that [...] Read more

Supply Chain Risk: Exploiting Abandoned Domains of Linux Package Maintainers

- Posted in Other by
Background: In my recent articles, we discussed various supply chain attack scenarios at length. This led me to think about a new type of supply chain attack, specifically targeting Linux package [...] Read more

Infinity War: Threat in the Docker Images

- Posted in Other by
Background: In one of our previous articles, we discussed analyzing Docker images for vulnerabilities at the operating system level. In this article, we will explore another attack pattern related to [...] Read more

Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project

- Posted in Threat Analyze by
Background: Following a notification from a company that fell victim to a supply chain attack, where attackers compromised their Chrome extension, I realized the importance of addressing this issue. [...] Read more

Securing the Software Supply Chain: Detecting and Responding to Compromised Packages Due to Maintainer Account Compromises

- Posted in Other by
Background: Today, we heavily rely on open-source developed packages and solutions. Previous lessons have shown that compromises in these solutions can pose critical threats. These solutions serve as [...] Read more