Comment
Author: Admin | 2025-04-28
Detection. For instance, we highlighted two detections below:Figure 14: Aqua’s Runtime Protection screenshot illustrating a detection of malicious shell command originating from a databaseIn Figure 14 above, you can see a detection of database program spawned a shell, indicating a suspicious behavior of databases running shell commands. The execution of the shell is also marked as malicious. You can see that it illustrates TCP connection and fetching the main payload.Figure 15: Aqua’s Runtime Protection screenshot illustrating crypto mining processSimilarly in Figure 15 above, you can see a DNS resolve request for a crypto pool and a communication to the cryptomining pool. Assaf is the Director of Threat Intelligence at Aqua Nautilus, where is responsible of acquiring threat intelligence related to software development life cycle in cloud native environments, supporting the team's data needs, and helping Aqua and the broader industry remain at the forefront of emerging threats and protective methodologies. His research has been featured in leading information security publications and journals worldwide, and he has presented at leading cybersecurity conferences. Notably, Assaf has also contributed to the development of the new MITRE ATT&CK Container Framework.Assaf recently completed recording a course for O’Reilly, focusing on cyber threat intelligence in cloud-native environments. The course covers both theoretical concepts and practical applications, providing valuable insights into the unique challenges and strategies associated with securing cloud-native infrastructures.
Add Comment