Skip to content

Instantly share code, notes, and snippets.

View nyrahul's full-sized avatar
🐞

Rahul Jadhav nyrahul

🐞
114 followers · 20 following
  • AccuKnox
View GitHub Profile
@raviknox
raviknox / kubeshield.md
Last active June 17, 2025 07:51
In-Cluster Image Scanning with Helm

In-Cluster Image Scanning with Helm

AccuKnox offers an in-cluster container image scanning solution designed to periodically inspect container images deployed within your Kubernetes (K8s) environment. This automated scanning process detects known vulnerabilities, promoting compliance and enhancing your cluster’s overall security. All scan results, including detailed vulnerability insights, are automatically sent to the AccuKnox Control Plane, where they can be viewed and managed through an intuitive user interface.

🛠 Installation Guide

Follow these steps to deploy the in-cluster image scanner using Helm:

1. Create a Label

@nyrahul
nyrahul / ai-security-bookmarks.md
Last active August 5, 2024 13:26
AI Security bookmarks

Public sources

Title Type Date Comment
AI-Exploits code A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
LLM-Guard code The Security Toolkit for LLM Interactions
Garak code LLM vulnerability scanner
NIST AI RMF Playbook doc NST AI RM Playbook
MITRE ATLAS doc Adversarial Threat Landscape for AI Systems
NIST AI 100-2e2023 doc Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations
@nyrahul
nyrahul / kubetls-report.txt
Last active June 21, 2023 13:25
| Name | Address | Status | Version | Ciphersuite | Hash | Signature | Verification |
| ------------------------------------------------------------------------------------- | -------------------- | ---------- | ------- | ---------------------------- | ------ | --------- | -------------------------------------------- |
| accuknox-agents/agents-operator[health-check] | 172.20.183.36:9090 | PLAIN_TEXT | | | | | |
| accuknox-agents/agents-operator[spire-agent] | 172.20.183.36:9091 | PLAIN_TEXT | | | | | |
| accuknox-agents/discovery-engine
@nyrahul
nyrahul / imp-git-cmds.sh
Last active March 14, 2022 15:28
git commands
# Backporting to a branch by cherry-picking from the upstream/stable branch
git fetch upstream
git checkout upstream/v0.2 # verify if the tip is same as that of the branch you expect by comparing sha hash
git switch -c gke-cos-fix
git cherry-pick e2737efa975198efde13a48435cc994daa3ba018 # substitute with your commit of interest
git push origin gke-cos-fix # push the branch to your origin repo
# Go to github UI and raise PR to the v0.2 branch
# Pull PR locally and test
git fetch upstream pull/37/head:mybranch
@nyrahul
nyrahul / cdump.sh
Created April 16, 2021 18:55
tcpdump for pod controlled by cilium
#!/bin/bash
# Usage: $0 <pod> [tcpdump-filter]
[[ "$1" == "" ]] && echo "Usage: $0 <pod> [tcpdump-filter]" && exit 1
ep_id=`kubectl get cep -A -o jsonpath="{.items[?(@.metadata.name==\"$1\")].status.id}"`
iface=`cilium endpoint get $ep_id -o jsonpath="{[*].status.networking.interface-name}"`
shift
@nyrahul
nyrahul / idspoof.py
Created December 31, 2020 11:51
Spoofing Cilium identity value in vxlan tunneled mode
#! /usr/bin/env python
# Aim of this script is to send a vxlan tunneled HTTP request with spoofed
# identity and pass through the authz checks implemented in cilium-ebpf.
# Configuration you need to set correct:
# 1. The target pod address (dip, dport) to which you want to make unauthorized access
# 2. The source identity (identity = 8849 below) to spoof. Use `cilium identity
# list` to check valid identity values.
# 3. The target node's vxlan IP address (vxlan_ip) and port (vxlan_port = 8472
@nyrahul
nyrahul / log_timestamp_perf.c
Created May 27, 2020 02:10
Measures impact of fancy timestamps in logging
/*
gtd format: ss:usec ... raw time of day format .. difficult to read ..
whitefield format: ss:ms .. eases timestamp reading cuz ms format used
cooja format: hh:mm:ss.ms ... most easiest to read
./a.out 7 // show sample test of all timestamps with print
./a.out 1 1 // perf-test gettimeofday only
./a.out 2 1 // perf-test whitefield style
./a.out 4 1 // perf-test cooja style
@nyrahul
nyrahul / Makefile
Last active April 10, 2019 10:39
Makefile trick: disable verbose compilation .. enable verbose only if 'make V=1'
CC=gcc
AR=ar
V = 0
ACTUAL_CC := $(CC)
CC_0 = @echo "CC [$<]"; $(ACTUAL_CC)
CC_1 = $(ACTUAL_CC)
CC = $(CC_$(V))
ACTUAL_AR := $(AR)
@nyrahul
nyrahul / ripple.clang-tidy
Created April 8, 2019 03:58
Checks: '-*,readability-identifier-naming'
CheckOptions:
- { key: readability-identifier-naming.NamespaceCase, value: lower_case }
- { key: readability-identifier-naming.ClassCase, value: CamelCase }
- { key: readability-identifier-naming.PrivateMemberPrefix, value: m_ }
- { key: readability-identifier-naming.StructCase, value: CamelCase }
- { key: readability-identifier-naming.FunctionCase, value: CamelCase }
- { key: readability-identifier-naming.VariableCase, value: camelBack }
- { key: readability-identifier-naming.GlobalConstantCase, value: UPPER_CASE }
- { key: readability-identifier-naming.GlobalVariableCase, value: camelBack }
@nyrahul
nyrahul / ripple.clang-format
Last active April 26, 2019 09:51
---
Language: Cpp
# BasedOnStyle: WebKit
AccessModifierOffset: -4
AlignAfterOpenBracket: true
AlignConsecutiveAssignments: true
AlignConsecutiveDeclarations: true
AlignEscapedNewlinesLeft: false
AlignOperands: true
AlignTrailingComments: true