Tag: cloud native
-
Container Scanning in Kubernetes
While the escapades of Certified Kubernetes Security specialist renewal are continued and ongoing I’ve felt it was best to craft another scenario to leverage for the container security portion of the exam. Particularly you’re required to remediate many items in your cluster and ideally these items should be caught in your CI/CD pipeline before deployment.…
-
Hacking Kubernetes via ServiceAccountTokens
Kubernetes has a large amount of advancements and inherent good security principles but these are dependent on configurations that are typically not well-known to end users. Predominantly the constructs of Service Accounts or (Non-human Identities) for the masses are populated in many services as they act as the go-between for service to authenticate and operate…
-
Image Policy Webhook
Image Policy Webhook is a native Kubernetes admission plugin that enforces security policies by validating container images before they are deployed. This ensures that only trusted and compliant images run in your environment. This will take the image that is attempted to be applied compare against predefined policies, and if those policies allow the image…
-
Bill of Materials CKS Refresher
A Software Bill of Materials (SBOM) is like the ingredients list on your food package—it reveals what components, libraries, and dependencies go into building the final software. Just as checking food labels helps you understand nutritional content and potential allergens, an SBOM provides transparency into third-party components, helping identify vulnerabilities early in the software supply…
-
Prompt Flow Running Exa AI
Promptflow is an open-source development tool created by Microsoft to streamline the end-to-end development lifecycle of LLM-based AI applications. When building agentic workflows, having a good foundation of the workflow you’ll want something that is modular, reusable and provides visibility. To effectively utilize this tool, it’s important to understand its key concepts, which can be…
-
Simulating Kubernetes Attacks with Detection of Falco + Tetragon
Microsoft recently released an open-source repository designed to simulate attacks on Kubernetes clusters, showcasing the detection capabilities of Defender for Cloud sensors. However, this tool can also be extended to work with other Intrusion Detection Systems (IDS) for monitoring Kubernetes environments. As with any detection solution, it is crucial to rigorously test various attack scenarios…
-
Azure AI Foundry
Introduction This week at Microsoft Ignite, Azure AI Foundry was unveiled as the rebranded successor to “Azure AI Studio.” This marks a significant step toward unifying AI development tools under one cohesive platform. Azure AI Foundry provides a streamlined toolchain and an SDK designed for efficient consumption of AI models, supporting both OpenAI and Mistral…
-
RouteLLM Unlocking Cost Effective LLM Routing
Introduction Costs associated with using closed-source large language models can add up in the use cases of complex tasks due to the nature of how tokens are priced for using APIs. RouteLLM is a open-sourced project that creates a method to determine based on the query a user sends which LLM to choose based on…
-
Batch Jobs in Azure OpenAI
Introduction In the existing landscape of Generative AI, optimizing API submissions is crucial for both cost and performance. Whether you’re fine-tuning token usage or streamlining context-aware requests using Retrieval-Augmented Generation (RAG), finding the right tools can make a significant difference. One of the most promising solutions is the Azure OpenAI Batch API, designed specifically for…
-
Mutability of FIPS on AKS
Introduction Your in compliance and tasked with identifying which microservice supported supports Federal Information Processing standards. Operations are dynamic and can change from supporting a business unit that might have this requirement, so what are you options if you have to revert and keep the cluster? Currently in Azure Kubernetes Service this has been capable…