22 Sep 2023 01:41 PM - edited 22 Sep 2023 01:43 PM
Mario shows how an attacker:
Conducts target reconnaissance using the open-source fuzzers wfuzz and commix
Gains access to the insecure Unguard application into the Kubernetes cluster
Gains persistence using a reverse shell
Maps the cluster, finding an insecure Redis server
Completes the compromise by dumping information in Redis
Mario then demonstrates how a Defender can:
Use Dynatrace to see the distributed trace information for indicators of compromise
Use Dynatrace to efficiently categorize where to look for compromises
Use Dynatrace and Falco to see, in real time, how an attack took place and what commands the attacker executed
Use Dynatrace for post-incident forensic review – to understand the attack timeline
Links discussed in this webinar:
Unguard: https://github.com/dynatrace-oss/unguard
Falco: https://falco.org/
MITRE ATT&CK: https://attack.mitre.org/
The recording is also available on the Dynatrace University: LINK
22 Sep 2023 06:19 PM
this is awesome!!!