sant125/cks-security

# CKS 安全 Estudos para CKS (Certified Kubernetes Security Specialist) com base em incidentes reais, hardening e ferramentas de runtime security. ## 内容 - `serviceaccount/` — ServiceAccount tokens, projected volumes, TokenRequest API - `runtime-security/` — Falco, detecção de ameaças em containers - `hardening/` — CIS benchmark, sysctl, SSH - `incidents/` — Casos reais documentados ## 参考事件 - [2026-04-20 — RCE em container Next.js (IPGC)](incidents/2026-04-20-ipgc-rce.md)

标签：AMSI绕过, CIS 基准, CKS, Cutter, DevSecOps, Falco, GitHub Advanced Security, K8s 安全最佳实践, Kubernetes 安全, Kubernetes 审计, Kubernetes 漏洞, Kubernetes 防护, Next.js RCE, ServiceAccount, SSH 硬化, Sysctl, TokenRequest API, Web截图, 上游代理, 威胁检测, 子域名突变, 安全加固, 安全加固指南, 安全基线, 容器安全, 容器运行时, 容器逃逸, 投影卷, 敏感词过滤, 教学环境, 服务账户, 案例研究, 模型鲁棒性, 真实事件, 证书管理, 运行时保护, 运行时威胁, 运行时检测, 防御加固