| Follow @lancinimarco | Subscribe to CloudSecList

In “Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography” I described the process I undertook to deploy Cartography in a multi-cloud environment, from inception to self-service dashboards for data consumption.

Now, I’m going to open source an automated process to get Neo4J and Cartography up and running in a Kubernetes cluster, using HashiCorp Vault as a secrets management engine.

In “Deploy Your Own Kubernetes Lab” I covered multiple deployment options for a Kubernetes lab, ranging from more lightweight (like running Kubernetes locally) to more realistic ones (like deploying a multi-node cluster) suitable for security research.

In this blog post, I’m going to detail the steps I took to deploy my own Kubernetes Lab on baremetal, and on an Intel NUC in particular.

If you had to architect a multi-account security logging strategy, where should you start?

This blog, part of the “Continuous Visibility into Ephemeral Cloud Environments” series, will describe a design for a state of the art multi-account security-related logging platform in GCP.

A previous post covered a similar setup for AWS, hence I tried to follow the same structure here. A later post will cover a setup for Kubernetes instead.

Previous Articles

Semgrep for Cloud Security
Introducing CloudSecDocs.com
Domain-Wide Delegation of Authority in GSuite
Tracking Moving Clouds: How to continuously track cloud assets with Cartography    MUST READ
So I Heard You Want to Learn Kafka    MUST READ
The Current State of Kubernetes Threat Modelling    MUST READ
Building a Serverless Mailing List in AWS
My Blogging Stack
Remote Development with a Chromebook in 2020
Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography    MUST READ
Cross Account Auditing in AWS and GCP    MUST READ
Introducing CloudSecList.com
Deploy Your Own Kubernetes Lab
Offensive Infrastructure: the HashiStack
Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)
Red Teaming Mind Map from The Hacker Playbook 3
My Arsenal of Cloud Native (Security) Tools
Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)
So I Heard You Want to Learn Kubernetes    MUST READ
GoScan v2
Offensive Infrastructure: Introduction to Consul
Offensive ELK: Elasticsearch for Offensive Security    MUST READ
Robtex-Go: Go Client for the Robtex API
Introducing GoScan (aka a reason to learn Go)
Burp Pro as a Docker Container
Docker + Consul + Vault: A Practical Guide
Needle meets Jenkins: how to include Needle in your CI pipeline
Needle v1.0.0 released: new native agent and support for iOS 10
Needle V0.1.1 Released
iOS 9: Effective Jailbreak
Needle V0.0.4 Released
Needle Status Update
A quick intro to Needle
Introducing Needle