Smarticu5
@smarticu5.bsky.social
Cloud-native offsec at AmberWolf
Oh good, another multitenanted security control being bounded by namespace labelling in Kubernetes. What could go wrong?

kubernetes.io/docs/concept..., h/t to @mccune.org.uk for pointing this out.
November 15, 2025 at 10:22 AM
Reposted by Smarticu5
We've got a new blog out looking at Kubernetes versions in use in real-world clusters, and it's actually quite good news from a security perspective.

securitylabs.datadoghq.com/articles/a-2...
A 2025 look at real-world Kubernetes version adoption | Datadog Security Labs
securitylabs.datadoghq.com
November 10, 2025 at 11:10 AM
Reposted by Smarticu5
You've got just over a week to contribute feedback for the new OWASP Kubernetes Top 10 docs.google.com/forms/d/e/1F... . Thanks to all the people who have taken the time to contribute already!
OWASP Kubernetes Top 10 2025 Survey
Kubernetes SIG Security Docs subproject is starting an update of the OWASP Kubernetes Top 10 and as such want to canvass ideas on what should be included. The goal of the Top 10 is to provide awarenes...
docs.google.com
October 23, 2025 at 12:34 PM
Just under a week left until kcduk.io, hosted this year in beautiful Edinburgh. If you haven’t got a ticket yet, there are still some available. I can guarantee some excellent company and talks. Weather may vary, but the city’s still pretty in the drizzle.
Kubernetes Community Days UK - Edinburgh 2025 | CNCF
In-person Event - Kubernetes Community Days UK - Edinburgh 2025
kcduk.io
October 15, 2025 at 8:34 PM
Reposted by Smarticu5
This is just great.
I've edited a video! Of some of my standup! Like you're supposed to when you're a comedian!
Please enjoy "My jokes are good, actually, and here are the reasons why".

Shares/fawning praise etc obviously appreciated x

www.youtube.com/watch?v=s93X...
My jokes are good, actually, and here are the reasons why.
YouTube video by Guy Kelly
www.youtube.com
October 4, 2024 at 6:56 AM
Reposted by Smarticu5
Please enjoy today, 25/9/2025, the last square date until 2116 (5^2/3^2/45^2).
September 25, 2025 at 7:38 AM
Reposted by Smarticu5
My talk at @containerdays.bsky.social this week was on Kubernetes and post exploitation. I've had a couple of requests for a companion blog post, so here it is. The post looks at some things attackers might do in clusters they've compromised to retain access.

raesene.github.io/blog/2025/09...
Beyond the surface - Exploring attacker persistence strategies in Kubernetes
raesene.github.io
September 12, 2025 at 10:17 AM
Reposted by Smarticu5
The next Cloud Native and Kubernetes Edinburgh meetup is next week (Weds)! We have a top line-up with @thebsdbox.co.uk doing a deep dive on k8s networking and Baillie Gifford talking about their k8s journey.

Cloud Native and Kubernetes Edinburgh September 2025, Wed, Sep 17, 2025, 6:00 PM | Meetup
We're back after a summer break for our next meetup sponsored by none other than [Isovalent](https://isovalent.com/)! Doors opening at 6pm for food and drink thanks to the
www.meetup.com
September 9, 2025 at 10:03 AM
Unsurprisingly, I have opinions about Kubernetes, particularly when it comes to multitenancy and how easy it is to break out of common deployments. Today I wrote about them for @amberwolfsec.bsky.social

blog.amberwolf.com/blog/2025/se...
Breaking Boundaries - Kubernetes Namespaces and multi-tenancy
AmberWolf Security Research Blog
blog.amberwolf.com
September 1, 2025 at 5:49 PM
Babe wake up new punk rock dinosaur just dropped. arstechnica.com/science/2025...
New dinosaur species is the punk rock version of an ankylosaur
A species known only by a single rib turns out to be covered with meter-long spikes.
arstechnica.com
August 29, 2025 at 2:57 PM
Reposted by Smarticu5
"Pat, why do you carry that ridiculous 600mm lens on long hikes?"

Buddy, I can see mountains reflected in the eyes of a trailside pika.
August 28, 2025 at 4:18 PM
August 27, 2025 at 2:37 PM
Gutted to be missing this one!
August 17, 2025 at 4:02 PM
Reposted by Smarticu5
Is your company hiring? Would I be useful to your team?

I think I'm ready to open discussions for 2026.

I still have commitments to finish over the next 6 months, but let's start talking.

I'm in no rush and looking to find the right product / team / company.

RTs appreciated
August 17, 2025 at 10:44 AM
Reposted by Smarticu5
Give a talk at KCD Edinburgh! You don’t even have to be funny (but it helps). CFP here: kcduk.io
May 7, 2025 at 4:34 PM
Reposted by Smarticu5
Some say the learning curve for Kubernetes is steep. Try the walk up Calton Hill!
April 28, 2025 at 1:09 PM
Some musings on the use of the “exec” directive in a kubeconfig, and how they might be useful to a red teamer or other nasty internet person: blog.iainsmart.co.uk/posts/kubect...
Kubectl Get Hacked
Discussing some ways kubeconfig files can bite
blog.iainsmart.co.uk
April 28, 2025 at 2:07 PM
If anyone at #KubeConEU hasn't ever tried a Tunnock's caramel wafer, hit me up. I'm travelling prepared.
April 2, 2025 at 4:20 AM
If you're into variant sudoku, the daily from Cracking the Cryptic's discord is an excellent puzzle today. sudokupad.app/9f1izfy5tg
April 1, 2025: Big/Small/Odd/Even/Prime/Nonprime/Integer Sudoku by clover! (Sven's SudokuPad v0.590.0)
sudokupad.app
April 1, 2025 at 4:16 PM
Gutted to only be at two days of #KubeCon this year. Flying down tomorrow for a swift 36 hours in London catching up with some wonderful people. /honk remotely to everyone already there!
April 1, 2025 at 9:00 AM
Does anyone who follows me happen to run a blog or similar which they spellcheck with cspell, and have a custom dictionary of container/Linux words?

Apparently the git repo I just ran it on has several hundred typos, but most of those are just "suid" or "containerd" or similar.
February 9, 2025 at 3:13 PM
After CVE-2024-9042 dropped yesterday, I had a play about to see if I could reproduce the vuln. Spoiler alert, yes I could. I've just published some notes over on the @amberwolfsec.bsky.social blog

blog.amberwolf.com/blog/2025/ja...
Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes
AmberWolf Security Research Blog
blog.amberwolf.com
January 17, 2025 at 3:48 PM
Securi-Tay tickets confirmed! That's a conference planned for Feb, March, and April.
January 12, 2025 at 7:24 PM
Happy Christmas everyone!

Does anyone know if the meeces ever got their cheeses?
December 25, 2024 at 7:16 PM
Reposted by Smarticu5
Slides for the @bsideslondon.bsky.social container security workshop presented with @smarticu5.bsky.social and @marionmccune.bsky.social are here blog.iainsmart.co.uk/talks/BSides...
blog.iainsmart.co.uk
December 15, 2024 at 10:48 AM