Bold Statements
Some time ago I had the pleasure to speak at the BASTA! Autumn 2019 conference. There, I promised to publish my slides such that they can be used as a reference for developers and security guys like me. And with this blog post I would like to hold up to my promise.
Continue reading “BASTA! Autumn 2019 – Security in DevOps”
Continue readingThis week I was at DevSecCon in London to present my current research on Red Hat OpenShift. In this talk, I gave a brief introduction to OpenShift, demonstrated some threats that exist for such environments, and dived into different configuration issues that may affect the security of OpenShift environments. The implications of misconfigurations of such an environment have been shown in live demos.
Continue readingDocker has become the go-to technology in enterprise- and DevOps contexts. Yet, before mastering a skill, there is the thumb rule: one must learn the basics to have solid fundament before building a house on top. Continue reading “Catching fire with Docker, DevOps & Security in Enterprise Environments”
Continue readingMatthias and I had the pleasure to give a talk at the H2HC2018 in São Paulo, Brazil about attacking VMware NSX. The talk is an introduction to VMware NSX for security researchers, and it discusses possible attack vectors including the management, controlling, and data exchange planes. We demonstrated how to prepare a fuzzing and debugging setup for the ESXi kernel and the kernel modules. It should be noted that Olli was also supporting the research. Continue reading “H2HC2018 – Attacking VMware NSX”
Continue reading