
Early last year, I wrote “On Establishing a Cloud Security Program”, outlining some advice that can be undertaken to establish a cloud security program aimed at protecting a cloud-native, service-provider-agnostic, container-based offering. The result can be found in a micro-website which contains the list of controls that can be rolled out to establish such a cloud security program: A Cloud Security Roadmap Template.

Following that post, one question I got asked was: “That’s great, but how do you even know what to prioritize?”

As you might have heard, at the end of January Docker started enforcing the license changes that were announced in August 2021.

Therefore, it was a good time to re-evaluate my setup (overall, I’ve been using Docker Desktop since I started learning about containers in 2017).

In this post, I’m going to document my setup, and how I’ve decided to replace Docker Desktop with minikube on my MacBook.

Back in April, I saw a post on the Cloudflare tech blog which explained how Auditable Terminal gives you a fully featured SSH client in your browser: you authenticate using Cloudflare Access, and can log into a computer - and get a terminal - just using a browser.

The post made me curious, but at the time I didn’t have capacity to look into it. Until now, when I decided to give it a go for my home lab.

Previous Articles

Introducing k8s-lab-plz: A modular Kubernetes Lab
Weekly Digests to Increase Visibility and Transparency
Automated GDrive Backups with ECS and S3
Automated Github Backups with ECS and S3
MUST READ On Establishing a Cloud Security Program    Cloud Security Strategies
Automating Cartography Deployments on Kubernetes    Continuous Visibility into Cloud Environments
Kubernetes Lab on Baremetal    Kubernetes Primer for Security Professionals
MUST READ Security Logging in Cloud Environments - GCP    Continuous Visibility into Cloud Environments
A Quick Look at GKE Autopilot (in 15 minutes)
MUST READ Security Logging in Cloud Environments - AWS    Continuous Visibility into Cloud Environments
Semgrep for Cloud Security
Introducing CloudSecDocs.com
Domain-Wide Delegation of Authority in GSuite    Continuous Visibility into Cloud Environments
MUST READ Tracking Moving Clouds: How to continuously track cloud assets with Cartography    Continuous Visibility into Cloud Environments
So I Heard You Want to Learn Kafka    Kubernetes Primer for Security Professionals
MUST READ The Current State of Kubernetes Threat Modelling    Kubernetes Primer for Security Professionals
Building a Serverless Mailing List in AWS
My Blogging Stack
Remote Development with a Chromebook in 2020
MUST READ Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography    Continuous Visibility into Cloud Environments
Cross Account Auditing in AWS and GCP    Continuous Visibility into Cloud Environments
Introducing CloudSecList.com
Deploy Your Own Kubernetes Lab    Kubernetes Primer for Security Professionals
Offensive Infrastructure: the HashiStack    Offensive Infrastructure with Modern Technologies
Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)
Red Teaming Mind Map from The Hacker Playbook 3
My Arsenal of Cloud Native (Security) Tools    Kubernetes Primer for Security Professionals
Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)
MUST READ So I Heard You Want to Learn Kubernetes    Kubernetes Primer for Security Professionals
GoScan v2
Offensive Infrastructure: Introduction to Consul    Offensive Infrastructure with Modern Technologies
Offensive ELK: Elasticsearch for Offensive Security
Robtex-Go: Go Client for the Robtex API
Introducing GoScan (aka a reason to learn Go)
Burp Pro as a Docker Container
Docker + Consul + Vault: A Practical Guide
Needle meets Jenkins: how to include Needle in your CI pipeline
Needle v1.0.0 released: new native agent and support for iOS 10
Needle V0.1.1 Released
iOS 9: Effective Jailbreak
Needle V0.0.4 Released
Needle Status Update
A quick intro to Needle
Introducing Needle