Blog & Resources

Latest Articles

6 articles

NGINX Rift CVE-2026-42945: What to Check in Ingress NGINX

The bug lives inside NGINX native C rewrite logic, not the ingress-nginx Go controller. Check the rendered nginx.conf, rewrite shape, NGINX version, ASLR posture, and admission controls.

20 min Read →

$Kubernetes Audit Logs detection engineering$

Detection Engineering

Kubernetes Audit Logs: Detect Attacks Before It Is Too Late

Turn API-server audit logs into high-signal detections for pod exec, secret access, RBAC escalation, privileged workloads, persistence, and SIEM correlation.

18 min read Read article

Hardening Guide

Nginx Ingress Controller: Migration & Security Guide

Production-grade migration path for Nginx Ingress on Kubernetes — TLS configuration, annotation hardening, rate limiting, and the security misconfigurations that expose clusters.

12 min Read

Red Team / Attack Path

Lateral Movement on Kubernetes

Flat pod networking, over-permissive service accounts, weak egress controls, and missing NetworkPolicies turn one compromised workload into a cluster-wide attack path.

May 2026 · 18 min read Read →

Policy

Kubernetes Compliance: CIS Benchmarks, NSA/CISA Hardening, and What Actually Matters

Not all 200+ CIS controls matter equally. Security-first prioritization ranked by real-world exploitability — not auditor comfort.

Apr 11, 2026 · 16 min read Read →

Guide

Start Securing Your Pods: Seccomp, SELinux, Secrets & the Misconfigurations That Undo Everything

Every cluster-level control you’ve hardened is meaningless if the pod spec hands attackers the keys.

Apr 14, 2026 · 20 min read Read →