Container Security Checklist:
From the image to the workload

چک لیست امن سازی کانتینرها

🔹 https://github.com/krol3/container-security-checklist

#DevSecOps #Github
کانال آموزش کامپیوتر
@Engineer_Computer

⭕️ RADAR: How DevSecOps is Revolutionizing Security at Snapp

در این مقاله یکی از AppSec Engineer های Snapp به بررسی جزئیات DevSecOps توی اسنپ پرداخته.

به طور خیلی خلاصه فریمورک رادار اسنپ که ترکیب Security Testing در CI/CD هست شامل ابزار های زیر میشه:
1. SAST:‌ semgrep
2. SCA, SBOM: Grype, Syft
3. Secret Detection: Gitleaks
4. IaC: KICS
5. Container Scanning: Trivy
6. DAST: ZAP
7. Vulnerability Management: DefectDojo, OWASP Dependency-Track

مقاله:
https://medium.com/@mohammadkamrani7/radar-how-devsecops-is-revolutionizing-security-at-snapp-5f496fd08e79

#DevSecOps #AppSec #DAST #SAST
@Engineer_Computer

⭕️Red team: Journey from RCE to have total control of Cloud Infrastructure

۱. ابتدا محقق با کشف یک RCE در وب اپ به docker container دسترسی گرفته
۲. سپس متوجه شده که در محیط restrict قرار داره و فقط microdnf نصب هست
۳. محقق متوجه میشه که به subnet های دیگه درون شبکه از طریق container دسترسی داره و از این طریق ip یه gitlab instance رو پیدا میکنه
۴. و بعد متوجه میشه که این instance به CVE-2021-22205 آسیب پذیر هست
۵. بعدش از طریق این CVE به Gitlab و دیتابیس اون دسترسی میگیره و بعد از طریق دسترسی admin استفاده میکنه تا یدونه ریپازیتوری و CI/CD pipeline بسازه برای pivot به Gitlab worker instance
۶. و در Gitlab worker node تونسته تعداد زیادی secret و API KEY و ... و همچنین kubeconfig فایل رو پیدا کنه

برای جزيیات بیشتر مقاله زیر رو بخونید
https://mr-r3bot.github.io/red/team/2023/05/22/From-RCE-to-owning-entire-cloud-infrastructure.html

#RedTeam #RCE #Pivot #DevSecOps
@Engineer_Computer

DevSecOps Engineer
DC-Washington, ECS is seeking a DevSecOps Engineer to work in our Washington, DC office. Job Description: ECS is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a DevSecOps Engineer Team Lead to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Gove

http://jobview.monster.com/DevSecOps-Engineer-Job-Washington-DC-US-262741778.aspx

#US #DevSecOps Engineer

@Engineer_Computer

🛡 Wazuh Mastery Pack · 02 of 15 — CLI Commands

The Wazuh GUI is great. The CLI is where you actually solve problems at 2am.

This cheat sheet is the muscle memory I wish I'd had on day one — service control, agent management, live log testing with wazuh-logtest, cluster operations, and the file paths you'll touch a thousand times.

Three commands every Wazuh operator should burn into memory:

🔹 /var/ossec/bin/wazuh-control configtest
→ validates ossec.conf BEFORE you restart in production. Has saved me from at least three outages.

🔹 /var/ossec/bin/wazuh-logtest
→ paste a raw log line, see exactly which decoder and which rule fires (or doesn't). Single best tool for tuning custom rules.

🔹 /var/ossec/bin/agent_control -l
→ shows every agent and its connection status. Faster than the dashboard when you just need a quick health check.

If you operate Wazuh and aren't using these, you're doing it the hard way.

#Wazuh #SIEM #SOC #BlueTeam #DevSecOps #CLI #InfoSec

📱 Channel : @Engineer_Computer

🛡 Wazuh Mastery Pack · 05 of 15 — Wazuh API Anything you can do in the Wazuh dashboard, you can automate via the REST API on port 55000. This cheat sheet is the muscle: token auth, the endpoints I hit weekly, filtering and pagination, and curl one-liners you can drop into a Bash script today. Three workflows the API unlocks:
🔹 Mass-restart agents after a rule change → PUT /agents/restart (no more clicking through 200 hosts)
🔹 Auto-decommission stale agents → GET /agents?lastKeepAlive&status=disconnected → DELETE the list
🔹 Pipe rule and SCA data into your own dashboards → no need to touch OpenSearch directly Tokens expire in 15 minutes by default. Re-auth in your script, don't hardcode them.

#Wazuh #API #SIEM #Automation #SOC #DevSecOps #InfoSec

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🛡 Wazuh Mastery Pack · 13 of 15 — Docker & Kubernetes

Containers don't have a /var/log to watch. They have an event stream and an audit log. Wazuh handles both.

This cheat sheet is the working config:

🐳 Docker — the docker-listener wodle pulls container lifecycle events (create, start, exec, kill, network-connect) straight from the daemon socket
☸️ Kubernetes — Wazuh agent as a DaemonSet (one per node) plus parsing /var/log/kubernetes/audit/audit.log

The single most important event to alert on in any container environment:
👉 docker exec into a production container.

If a human (or attacker) is shelling into a running prod container, you want to know about it within seconds. That's a tier-1 alert in any mature container security program.

#Wazuh #Kubernetes #Docker #ContainerSecurity #CloudNative #DevSecOps #SOC #InfoSec

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🛡 Wazuh Mastery Pack · 14 of 15 — Troubleshooting

Wazuh fails in three ways. This cheat sheet covers all three.

🔹 Agent won't connect
→ 90% of the time it's a port (1514 / 1515 blocked) or a key mismatch. nc -vz the manager from the agent. Re-key with agent-auth.

🔹 Queue saturated ("queue is full" in ossec.log)
→ bump <queue_size> in the <remote> block AND analysisd.event_threads in internal_options.conf. The default queue is too small for any real workload.

🔹 Cluster won't sync
→ all nodes need the same KEY, port 1516 open between them, identical Wazuh versions. cluster.log on the master tells you which one is broken.

The one habit that prevents most incidents:
👉 Before opening a ticket — grep -E 'ERROR|WARN' /var/ossec/logs/ossec.log
You'll find the answer 80% of the time.

#Wazuh #SIEM #Troubleshooting #SOC #DevSecOps #InfoSec #BlueTeam

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer