I’m using Postgres for my DNS log service. I only store data for 90 days. To delete data, my strategy is to use partitions based on month. At the start of every month, I drop one partition.
I am not sure of this is the best way to do this, but it works for me.
The only pain point I have is the search. Understandable, the emails are encrypted and search has to be done on the client. That works when using the web hi as you have the option to index all emails.
Would it be be trivial to have a init container to do CA injection? Maybe though mutating admission controller? Then some CNI magic to redirect outbound traffic to do transparent proxying?
Just because you cannot see how a vulnerability can be exploited does not mean that others can. As you describe, people seem to assume that the only way the config file ends up on the server is «physically» editing it.
An anecdote: I have been struggling with exploiting a product that relies on MongoDb, I can replace the configuration file, but gaining RCE is not supported «functionality» in the embedded version as the __exec option came in a newer version.
It is strange how EVs are measured by how far they can go full charge when this is a metric I never have seen for fossile cars. It tells a story how inconvenient EVs or the charging network really is
You are actually more likely to buy a car just after you have bought a car than the 10 years you did not need to buy a car. Maybe not cars, but I’ve heard this argument for kitchen appliances. If you for some reason return the item you just bought, you may buy what you get ads for. Maybe you regret you did not get the premium one, especially when they shove it in your face afterwards…
After thinking of it for a while, I do not think it is such a big issue. The threat actor was probably an adversary to existing huntress customers and the EDR probably reacted to his tooling and mistakes.
When doing red team engagements, we do the same, install same security solutions as the customer and work around it. It could be what happened here?
That the analysts spotted him and were able to connect it to existing cases is just good craftsmanship.
I no longer feel that it’s relevant to discuss a red line here. Huntress just did their job.
I am not sure of this is the best way to do this, but it works for me.