Omer Levi Hevroni
AppSec engineer at . member. Mixed content warning: tweeting both in Hebrew and English
11,876 Tweets | 481 Following | 1,125 Followers
Omer Levi Hevroni 30m
Replying to @yaronidan @KatzShai
Holy shit, this is impressive! This is very of you :) Lesson learned? Never run production changes in a cron job that runs at 4am 🙃
Omer Levi Hevroni 10h
BTW it’s hard having kids at home and trying to work, but it’s also kinda nice letting your kids become part of your daily routine and get to know you a bit better.
Omer Levi Hevroni 10h
Something like this, right?
Omer Levi Hevroni 10h
Me, each time after doing any production change. Especially those which are “safe” and went well on dev.
Omer Levi Hevroni retweeted
Ran Bar-Zik 13h
And here's a fairly open secret: positive items? They draw m-u-c-h less interest. When I write about the government's failures, I get plenty of likes and the articles become the most-read ones. But what happens when the government conducts itself as it should? Some time ago we heard about a government initiative to build a database of emails and phone numbers >>
Omer Levi Hevroni retweeted
רועי ינובסקי 16h
The blogger "Eishton", who in recent months has been working on an investigation concerning the submarine affair and the gas framework, was detained for questioning this morning by Lahav 433 on suspicion of harassing a witness. According to his defense attorney, Adv. Gonen Ben Yitzhak, all the documents related to the investigation were seized, and he is now filing a request with the court to prevent the police from accessing the materials. The story was first published by >
Omer Levi Hevroni 23h
Replying to @lizrice @IanColdwater
Thanks, will look into that!
Omer Levi Hevroni Aug 2
Replying to @IanColdwater @lizrice
I should have asked the question better: how do I minimize the attack surface when a pod is compromised? What mitigations can I use? Already thinking about network policy etc, but also thinking about container escaping as the worst scenario
Omer Levi Hevroni retweeted
Simon Bennetts Aug 2
Suggestion: we standardize on defining MITM as "Manipulator In The Middle" - thoughts?
Omer Levi Hevroni Aug 2
Replying to @psiinon
Pretty good suggestion as it does not change the original attack name
Omer Levi Hevroni Aug 2
Replying to @ArielShuper
Yes, Seccomp/AppArmor is one of the things I am looking into now
Omer Levi Hevroni Aug 2
Replying to @mauilion
Wow! This is really awesome, combined with dockerslim, we can easily use CI pipelines to generate and deploy a policy. Nice!
Omer Levi Hevroni Aug 2
Replying to @mauilion
Yes, AppArmor/SecComp is something we are also looking into deploying... A bit complex to roll out, but we will work on that
Omer Levi Hevroni Aug 2
Replying to @lizrice @IanColdwater
Let's say "as safe as you can be"?
Omer Levi Hevroni Aug 1
Replying to @ArielShuper
We are running on GKE, they have their own specific isolation techniques: definitely on my list, but right now I was more asking from a "user" perspective, e.g. as an app developer.
Omer Levi Hevroni Aug 1
Replying to @lizrice @IanColdwater
Omer Levi Hevroni Aug 1
Hello feed! What's the latest on container escape mitigations on ? Reading a bit online, it seems that if (a) container is not running as root, (b) not mounting any host path and (c) everything is patched we are safe. Am I missing anything?
Omer Levi Hevroni Aug 1
Guys, Bibi's grant has come in, that's it, all of life's troubles are over, only Mahal at the ballot box from now on
Omer Levi Hevroni retweeted
Dean Issacharoff Aug 1
There's an amazing initiative tonight by trained therapists who set up a safe space for protesters experiencing emotional difficulties during or after the demonstration. Their text is in the flyer being handed out to 3000 protesters, alongside your basic rights in case of arrest.
Omer Levi Hevroni Aug 1
Replying to @slootzky
"Michael Mordechai Biton (born 27 Shevat 5730, February 3, 1970) is the Minister for Civil and Social Affairs in the Ministry of Defense on behalf of the Israel Resilience Party in the Blue and White faction, and formerly a member of the Knesset on their behalf" I think this is the most beautiful demonstration of your claim