
Resources to learn about Linux, containers, k8s, and related security stuff

Linux & Cloud-Native & Security 101

I've collected some resources to help people learn the basics about Linux, Kubernetes, and containers, with a focus on security (from security best practices to attacking them).

Linux

  • A few drawings about Linux by Julia Evans: https://jvns.ca/blog/2016/11/10/a-few-drawings-about-linux/
  • What Does “Everything Is a File” Mean in Linux? by Chris Hoffman: https://www.howtogeek.com/117939/htg-explains-what-everything-is-a-file-means-on-linux/
  • 101 on Linux Distributions: https://linuxnewbieguide.org/overview-of-chapters/chapter-3-choosing-a-linux-distribution/
  • What happens when you start a process on Linux? by Julia Evans: https://jvns.ca/blog/2016/10/04/exec-will-eat-your-brain/
  • A Linux sysadmin's introduction to cgroups by Steve Owens: https://www.redhat.com/sysadmin/cgroups-part-one
  • Linux comics zine by Julia Evans: https://jvns.ca/linux-comics-zine.pdf
  • Linux tracing systems & how they fit together by Julia Evans: https://jvns.ca/blog/2017/07/05/linux-tracing-systems/
  • Linux Performance resources from Brendan Gregg: http://brendangregg.com/linuxperf.html
  • What is the Linux Auditing System (aka AuditD)? by Kelly Shortridge: https://capsule8.com/blog/auditd-what-is-the-linux-auditing-system/
  • List of Linux kernel exploitation resources from Andrey Konovalov: https://github.com/xairy/linux-kernel-exploitation
  • Millions of Binaries Later (on Linux hardening schemes) by Theofilos Petsios: https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
  • Different Approaches to Linux Host Monitoring by Kelly Shortridge: https://capsule8.com/blog/different-approaches-to-linux-monitoring/
  • Guide to Linux Privilege Escalation by Rashid Feroze: https://payatu.com/guide-linux-privilege-escalation
  • How do groups work on Linux? by Julia Evans: https://jvns.ca/blog/2017/11/20/groups/
  • Swapping, memory limits, and cgroups by Julia Evans: https://jvns.ca/blog/2017/02/17/mystery-swap/

Kubernetes

  • Reasons Kubernetes is cool by Julia Evans: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/
  • A few things I've learned about Kubernetes by Julia Evans: https://jvns.ca/blog/2017/06/04/learning-about-kubernetes/
  • The Business Executive's Guide to Kubernetes by Jess Frazelle: https://blog.jessfraz.com/post/the-business-executives-guide-to-kubernetes/
  • Kubernetes Up and Running from Microsoft (authwall): https://azure.microsoft.com/en-us/resources/kubernetes-up-and-running/
  • The Future of Kubernetes Attacks by Ian Coldwater & Brad Geesaman (video): https://www.youtube.com/watch?time_continue=2&v=CH7S5rE3j8w&feature=emb_logo
  • A Hacker's Guide to Kubernetes and the Cloud by Rory McCune (video): https://www.youtube.com/watch?v=dxKpCO2dAy8
  • Kubernetes Security - Best Practice Guide by Simon Pirschel: https://github.com/freach/kubernetes-security-best-practice
  • Kubernetes Threat Model from Kubernetes: https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Threat%20Model.pdf
  • Kubernetes Attack Tree from CNCF: https://github.com/cncf/financial-user-group/tree/master/projects/k8s-threat-model
  • Shoring Up Kubernetes Security by Ian Coldwater: https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1541608899.pdf
  • Hacking into Kubernetes Security for Beginners by Ellen Körbes & Tabitha Sable: https://www.youtube.com/watch?v=mLsCm9GVIQg

Containers

  • What are containers and their benefits from Google Cloud: https://cloud.google.com/containers
  • What even is a container: namespaces and cgroups by Julia Evans: https://jvns.ca/blog/2016/10/10/what-even-is-a-container/
  • The Container Operator's Manual by Alice Goldfuss (video): https://www.youtube.com/watch?v=zGw_xKF47T0
  • How Containers Work by Julia Evans (paywall): https://wizardzines.com/zines/containers/
  • How containers work: overlayfs by Julia Evans: https://jvns.ca/blog/2019/11/18/how-containers-work--overlayfs/
  • OWASP Top 10 for Docker Security: https://github.com/OWASP/Docker-Security
  • NIST's Application Container Security Guide: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-190.pdf
  • Ten Layers of Container Security from RedHat: https://www.redhat.com/cms/managed-files/cl-container-security-openshift-cloud-devops-tech-detail-f7530kc-201705-en.pdf
  • Exploring container security: An overview by Maya Kaczorowski: https://cloud.google.com/blog/products/gcp/exploring-container-security-an-overview
  • Preventing Attacks at Scale by Dino Dai Zovi (video): https://www.youtube.com/watch?v=P8891Z_uj-0
  • Security for the modern age by Jess Frazelle: https://blog.jessfraz.com/pdf/security-for-the-modern-age.pdf
  • Container infrastructure keynote: Containers Should Contain…Right? by Maya Kaczorowski (video): https://www.youtube.com/watch?v=STET_b2DzGA
  • The Reality of Container Escapes (written interview with Brandon Edwards): https://www.helpnetsecurity.com/2019/03/12/container-escapes/
  • An Exercise in Practical Container Escapology by Brandon Edwards & Nick Freeman: https://capsule8.com/blog/practical-container-escape-exercise/
  • Runtimes and the Curse of the Privileged Container by Christian Brauner: https://brauner.github.io/2019/02/12/privileged-containers.html
  • Containers, Security, and Echo Chambers by Jess Frazelle: https://blog.jessfraz.com/post/containers-security-and-echo-chambers/
  • Evolving Container Security With Linux User Namespaces from Netflix: https://netflixtechblog.com/evolving-container-security-with-linux-user-namespaces-afbe3308c082

Other Cloud-native Topics

  • Introduction to Google Cloud Functions by Adrian Ancona Novelo: https://ncona.com/2020/11/introduction-to-google-cloud-functions/
  • The Complete AWS Lambda Handbook for Beginners (Part 1) by Taavi Rehemägi: https://dashbird.io/blog/complete-aws-lambda-handbook-beginners-part-1/