Simar Singh
Open Source Engineer @ AQUA SECURITY
Simar is an Open Source Engineer at Aqua. He works on projects that improve container security. He is also an avid open source contributor outside of work and currently maintains a few projects. While not in front of a computer screen, he likes to grow veggies, ride a bike and travel.
Detecting Misconfigurations in your Cloud Infra with Rego
As more Cloud services emerge, the ability to safely deploy and manage Cloud Native infrastructure diminishes. Misconfigurations are costly when they lead to breaches. It has therefore become paramount to ensure that cloud pipelines are not only defined correctly but also guarded against future misconfigurations that can creep in by accident.
In this session we will show how users can leverage Rego, a popular declarative query language, to detect misconfigurations in Cloud infrastructure platforms that are bootstrapped with popular Infrastructure-as-Code (IaC) tools such as Terraform and CloudFormation.
We will also showcase our open source collection of pre-written Rego policies that guard against many of the common misconfigurations we have observed in real-life industry scenarios.
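As an added illustration of the approach (not a policy from the collection mentioned above, and not code from the talk): a Rego policy that evaluates a Terraform plan exported with `terraform show -json` and flags S3 buckets planned with a public ACL. The plan fragment at the bottom is constructed, and the package name is arbitrary.

```rego
# Added example policy for Terraform plan JSON (terraform show -json tfplan).
# It reports aws_s3_bucket resources whose planned "acl" grants public access.
package terraform.s3_public_acl

import rego.v1

public_acls := {"public-read", "public-read-write"}

# S3 bucket resources that will exist after apply (anything not a pure delete).
planned_buckets contains r if {
    some r in input.resource_changes
    r.type == "aws_s3_bucket"
    some action in r.change.actions
    action != "delete"
}

# One finding per bucket whose planned ACL is public. Buckets without an
# "acl" attribute yield no finding because the lookup is simply undefined.
deny contains msg if {
    some r in planned_buckets
    acl := r.change.after.acl
    acl in public_acls
    msg := sprintf("%s: S3 bucket is created with public ACL %q", [r.address, acl])
}

# Constructed plan fragment (not real terraform output) to exercise the policy offline.
sample_plan := {"resource_changes": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "logs", "acl": "public-read"}}},
    {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "data", "acl": "private"}}},
    {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "after": null}}
]}

# Evaluating the policy against the constructed plan yields exactly one finding,
# for aws_s3_bucket.logs:
#   opa eval -d policy.rego "data.terraform.s3_public_acl.sample_findings"
sample_findings := findings if {
    findings := deny with input as sample_plan
}
```

Against a real plan, run `opa eval -i tfplan.json -d policy.rego "data.terraform.s3_public_acl.deny"` and fail the pipeline when the set is non-empty.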
Simplifying Cloud Native Scanning with AI
Today's Cloud Native scanning tools are great, but sometimes they are too good, to the point where the humans in DevSecOps teams are unable to keep up with the volume of alerts they generate.
In this session, we will focus on real-life, practical Cloud Native scenarios that happen in the industry today and how we can improve them using AI. The session will demo several Open Source tools and libraries that take existing Cloud Native scanners and enhance their abilities with AI.
This talk is aimed at current and prospective users of Cloud Native scanning tools; no prior experience or knowledge of AI of any kind is required. The tools and libraries showcased are all available as Open Source Software.
The need for Automating Incident Response
Incident response teams are already drowning in alerts, and are potentially missing critical vulnerabilities. What use is a security scanner that tells you there are thousands of vulnerabilities but leaves you to find the time to go and fix them?
Extending visibility and responsibility to cloud native environments compounds the challenge teams face in weeding through huge volumes of alerts to determine which risks are the most urgent, and how best to respond to incidents.
This session will cover how security teams can use open source projects Trivy and Tracee along with Postee to better identify high risk cloud native events, orchestrate responses with other third party integrations based on these high-fidelity insights, and execute playbooks for more automated and effective incident analysis and handling processes.
We will cover a variety of use cases ranging from simple cases such as acting upon CVE detections when performing vulnerability scans with Trivy to more complex scenarios of runtime detection using eBPF with Tracee.
The session will focus on practical use case scenarios that are commonly observed in day to day situations. All sample configuration code will also be shared.
This presentation will be in English.
Helm misconfiguration scanning with Trivy in Harbor
Infrastructure-as-Code scanning allows engineers to check Helm charts for misconfigurations before any manifests are deployed to a K8s cluster. Trivy provides such capabilities to detect and analyze potential misconfigurations in Helm charts with its built-in policies. Additionally, with the implementation of distribution spec v1.1, Harbor supports storing OCI-compliant Helm charts as artifacts. This talk will introduce Helm chart misconfiguration scanning by leveraging the Harbor project and its built-in scanner, Trivy.
Using the extensibility of the Harbor pluggable scanner spec v1.2, Harbor sends a POST request to Trivy with some additional parameters. Trivy downloads the Helm chart from the remote Harbor registry and scans it for misconfigurations. Harbor then fetches the misconfiguration report and stores it as an accessory of the artifact, with a download link. This gives users a better understanding of the security of their Helm charts.
eBPF+XDP = A DIY Firewall from Scratch
Have you ever wondered how your office blocks you from browsing Reddit at work? If you have, chances are that there's a firewall somewhere at play.
To truly understand it, we will write a very basic firewall from scratch. To keep things simple and understandable, we'll focus on the core concepts of eBPF and XDP and how they can be used to write a very simple IP-based firewall.
Finally, the talk will conclude with ideas on how to extend your newly created firewall.
Code presented during the talk will be shared openly on GitHub.
SOAR with Postee: Automated Incident Response for Cloud Native Risks
Incident response teams are already drowning in alerts, and are potentially missing critical vulnerabilities. Extending visibility and responsibility to cloud native environments compounds the challenge teams face in weeding through huge volumes of alerts to determine which risks are the most urgent, and how best to respond to incidents.
This session will cover how security teams can use the open source projects Tracee and Postee to better identify high-risk cloud native events, orchestrate responses through Cloud Native third-party integrations based on these high-fidelity insights, and execute playbooks for more automated and effective incident analysis and handling processes.
We will discuss how using Postee Actions to integrate detections of malware and container runtime attacks into playbooks can help teams respond to critical incidents more quickly and accurately via third-party integrations, rather than treating all alerts with the same degree of urgency.
Safeguard your CI/CD pipelines with eBPF
In this session, we will present an overview of how you can use eBPF technology to safeguard your CI/CD pipelines and catch malicious behaviours that may be introduced as your software evolves.
The example for this talk will use Tracee, an Open Source project. We will show how to protect against supply chain attacks in a commonly used environment like GitHub Actions, using another very common technique (and also an attack vector): opening a Pull Request.
Why is my eBPF code slow?
A common problem when benchmarking eBPF code with language-level tools like pprof (Go) is that much of the real work happens in kernel space, beyond the reach of the language profiler. As a result, the performance profile looks sparse and devoid of any valuable information.
In this session, viewers will be presented with new ways to benchmark their eBPF code. All techniques presented are derived from existing open source projects. For the purposes of this presentation, we will showcase a real-life performance bottleneck we faced and share what we learned as we narrowed down its scope.