Hey! alxk is an infrastructure and security engineer. He likes writing tools, automating security and following the tech scene. During downtime he travels a bit randomly and reads history and hard SciFi.

⚐ Talks.
  • GitOops! All Paths Lead To Clouds (BSides London)
  • Client-side attacks for Red Teams (DC4420, unrecorded)
  • Neo4j Live: GitOops

♨ Tools and projects.
  • gitoops (GitHub attack path mapping)
  • iam-service-account-controller (k8s controller)
  • kiss (k8s secret management)
  • Bug Bounty Recon (bbrecon)
  • DNS Rebinding Exploitation Framework (dref)
  • mailspoof
  • netmap.js
  • Kubernetes Lab (k8s from Terraform/Ansible)

✍ Posts.

  • GitOops! Attacking and defending CI/CD pipelines
    28 Sep 2021
  • Terraform Plan RCE
    11 May 2021
  • Security advantages of pull-based CD pipelines
    4 Jan 2020
  • kubelet: anonymous to cluster-admin
    9 Jan 2019
  • Revisiting Email Spoofing
    31 Dec 2018
  • Security-focused CI/CD Pipeline
    1 Dec 2018
  • Minikube RCE & VM Escape
    11 Oct 2018
  • DNS Rebinding Headless Browsers
    23 Aug 2018
© 2022 Alex Kaskasoli