Get The Flock Out of My Cloud: Using DuckDB to Detect Spousal Sabotage
Jared Gore + Liz Gore

Jared Gore, Cloud Security Engineer
Primary Household Contribution: Sourdough Sweetie

Liz Gore, Director of IT & Operations
Primary Household Contribution: 1/2 finished DIY projects

Accidental IT Guy
Liz graduated from SANS Cyber Academy! She got promoted! She played Baldur's Gate 3! Then she got bored.
How can we stay sharp and have fun at the same time? Make it a Capture The Flag!

- Winner Takes All
- Play Perfection
- Collaboration Strengthens Both Sides
- Real Scenarios = Real Learning
- Push Each Other to Level Up

Welcome to the Homelab
- vibe coded
- Web Console / API
- shart.clouds

"Customers":
- Fortune 100
- 100 enterprises*
- Popular Minecraft server (7 concurrent viewers!)
- Multiple fraud customers mining crypto*
*1e+200. I don't know what that means either.

CTF Begins: What access does our new employee have?
Liz's Starting Point:
- K8s read-only access
- kubelogin SSO to prod cluster

DPRK TTP Playbook
Insider Threat Motivation:
- Money: Access to financials
- Power: Control over infrastructure
- Information: Secrets that can be extorted
Plan of Attack:
- Begin data reconnaissance for valuable targets
- Establish persistent access via service accounts and roles
- Escalate permissions across K8s, AWS, Azure

Detect with DuckDB
- DuckDB: online analytics processing database
- DuckDB has cloud native integrations to services like S3 or Azure Blob
- Supports CSV, JSON, and Parquet files
- Fast, Fun, and Free!

Detect with DuckDB (pt. 2)
- Tailpipe from Turbot!
- Open Source SIEM for Terminal
- Modular Plugins for AWS, Azure, & more
- https://tailpipe.io

Detect with DuckDB (pt. 3)
- Corkscrew from me!
- Open Source Cloud Configuration Scanner
- Modular Plugins for AWS, Azure, GCP, K8s
- Query Configuration w/ SQL
- https:/

The Game
- Defender Point: Detection query catches attack
- Attacker Point: Attack goes undetected

SCOREBOARD
Defender: 0 | Atta
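An added example, not from the talk or from Tailpipe/Corkscrew, of the kind of detection query the Defender scores a point with: DuckDB SQL that flags a principal bursting IAM persistence calls (the playbook's "persistent access via service accounts and roles" step). The CloudTrail-style rows are constructed inline so it runs offline; the S3 bucket path in the comment is a placeholder.

```sql
-- Added example in DuckDB SQL. Against a real trail, replace the events CTE with
-- DuckDB's S3 reader, e.g. after INSTALL httpfs; LOAD httpfs;
--   SELECT ... FROM read_json_auto('s3://PLACEHOLDER-trail-bucket/AWSLogs/**/*.json.gz')
-- Constructed sample records (not real account data) stand in for those rows here.
WITH events AS (
    SELECT * FROM (VALUES
        ('2025-01-10 09:02:11'::TIMESTAMP, 'iam.amazonaws.com', 'CreateRole',
            'arn:aws:iam::111122223333:user/new-hire', 'shared-reader'),
        ('2025-01-10 09:03:40'::TIMESTAMP, 'iam.amazonaws.com', 'AttachRolePolicy',
            'arn:aws:iam::111122223333:user/new-hire', 'shared-reader'),
        ('2025-01-10 09:05:02'::TIMESTAMP, 'iam.amazonaws.com', 'CreateAccessKey',
            'arn:aws:iam::111122223333:user/new-hire', 'new-hire'),
        ('2025-01-10 11:30:00'::TIMESTAMP, 'iam.amazonaws.com', 'CreateRole',
            'arn:aws:iam::111122223333:role/terraform-ci', 'app-task-role'),
        ('2025-01-10 12:15:45'::TIMESTAMP, 's3.amazonaws.com',  'ListBuckets',
            'arn:aws:iam::111122223333:user/new-hire', NULL)
    ) AS t(event_time, event_source, event_name, principal_arn, target_name)
),
-- IAM calls that mint a new credential or grant: the persistence step of the playbook
persistence AS (
    SELECT *
    FROM events
    WHERE event_source = 'iam.amazonaws.com'
      AND event_name IN ('CreateUser', 'CreateRole', 'CreateAccessKey',
                         'CreateLoginProfile', 'AttachRolePolicy', 'PutRolePolicy')
)
-- Raise a detection when one principal makes two or more such calls within an hour;
-- a lone CreateRole from a CI role is normal change and stays below the threshold
SELECT principal_arn,
       count(*)                               AS persistence_calls,
       string_agg(DISTINCT event_name, ', ')  AS actions,
       min(event_time)                        AS first_seen,
       max(event_time)                        AS last_seen
FROM persistence
GROUP BY principal_arn
HAVING count(*) >= 2
   AND max(event_time) - min(event_time) <= INTERVAL 1 HOUR
ORDER BY persistence_calls DESC;
```

Run it with the DuckDB CLI (`duckdb < detect.sql`); with the constructed rows only user/new-hire clears the threshold, and tuning the window and the action list is where the Defender's real work starts.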