A faint rustle breaks the stillness.
There—standing alone between the firs—is a small girl in a red wool cloak, hood pulled low, breath trembling in the cold.
A whisper of steel as Gord draws her sword, eyes narrowing.
The girl flinches.
"P-please… I’m lost…"
Rothütle throws Gord a quick, uneasy glance, then steps forward slowly, palms open.
"It’s alright," he says softly. "You’re safe. What happened?"
The girl wipes her eyes.
"I was bringing food to my grandmother. But I strayed from the trail… and something started following me."
Behind him, Gord moves in widening circles, boots silent on the frost. Her grip on the sword never loosens.
"What kind of something?" she asks without looking at the child—eyes fixed on the shifting treeline.
"I don’t know," the girl whispers. "It stayed in the fog."
Rothütle kneels to meet her gaze.
"We’ll get you back to Oberried. Is that where your parents live?"
The child nods. He offers his hand. She takes it.
Gord walks beside them, blade still drawn, gaze slicing through every shadow. Not a moment of ease.
They deliver the girl to Oberried without incident.
Again, at the village edge, Gord scans the trees before entering.
"Now we need to go back the way we came," she says. "We’ve lost the daylight and the thing is still out there."
Rothütle, slightly concerned, nods.
"That was reassuring. Let’s find our new friend."
For the first time today, Gord smiles faintly.
"Let’s move."
Tip of the day: Not every anomaly is malicious — validate before reacting. But take threats seriously.
Security Tip #8: Threat Validation
The forest presents strange things: unexpected movement, figures where none should be, sounds that don’t belong. But not every anomaly is a threat. Still, you can’t risk ignoring them.
Set up alerts and monitoring to catch unusual activity, but always validate before escalating. Signals worth alerting on include:
- CPU spikes,
- unexpected processes,
- strange network connections.
Prevent resource misuse and possible attacks by blocking malicious activity at the kernel level. The word of the day is eBPF (extended Berkeley Packet Filter).
Example. Use Tetragon eBPF Security
Tetragon is an open-source eBPF-based security observability and runtime enforcement tool for Kubernetes. It can monitor system calls, network activity, and file operations in real-time, allowing you to detect and respond to suspicious behavior.
The following Tetragon policy blocks the execution of any binary located in the /tmp directory for pods labeled with app: dks. If a process attempts to execute a binary from this location, it will be terminated with a SIGKILL signal.
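```yaml
apiVersion: cilium.io/v1alpha1
kind: TracingPolicyNamespaced
metadata:
  name: block-exec-from-tmp
spec:
  # Apply only to pods labeled app=dks in the policy's namespace
  podSelector:
    matchLabels:
      app: "dks"
  kprobes:
  # LSM hook that runs during execve(), before the new program image is loaded
  - call: "security_bprm_check"
    syscall: false            # this is a kernel function, not a syscall
    args:
    - index: 0
      type: "linux_binprm"    # exposes the path of the file being executed
    selectors:
    # Match on the path of the file being executed (argument 0)
    - matchArgs:
      - index: 0
        operator: "Prefix"
        values:
        - "/tmp/"
      matchActions:
      # Kill the calling process before the exec completes
      - action: Sigkill
```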
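To go with "validate before escalating", here is an added example (not from the original post or from the Tetragon project) that triages the events such a policy would produce before anyone is paged. The event shape is an assumption modeled on Tetragon's `process_kprobe` JSON export; the sample events, pod names, `SUSPECT_LAUNCHERS` and `REPEAT_THRESHOLD` are constructed for illustration.

```python
import json
from collections import Counter

# Assumptions for illustration: tune both to your environment.
SUSPECT_LAUNCHERS = {"sh", "bash", "dash", "curl", "wget"}
REPEAT_THRESHOLD = 3  # this many hits from one pod is no longer a one-off

def _event(pod, launcher):
    """Build one constructed event in the assumed Tetragon JSON shape."""
    return json.dumps({"process_kprobe": {
        "function_name": "security_bprm_check",
        "policy_name": "block-exec-from-tmp",
        "action": "KPROBE_ACTION_SIGKILL",
        "process": {"binary": launcher,
                    "pod": {"namespace": "default", "name": pod}}}})

# Constructed sample log: three pods plus two lines the triage must ignore.
SAMPLE_LOG = "\n".join(
    [_event("dks-api-1", "/usr/bin/bash"),
     _event("dks-worker-2", "/usr/local/bin/python3"),
     '{"process_exec": {"process": {"binary": "/usr/bin/ls"}}}',
     '{"process_kprobe": {"function_na']  # truncated line
    + [_event("dks-batch-3", "/opt/app/runner")] * 3)

def triage(log_text):
    """Return {pod: (verdict, reasons)} for hits on the exec-from-/tmp hook."""
    hits, reasons = Counter(), {}
    for line in log_text.splitlines():
        try:
            kp = json.loads(line).get("process_kprobe")
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the triage
        if not kp or kp.get("function_name") != "security_bprm_check":
            continue
        pod = kp["process"]["pod"]["name"]
        launcher = kp["process"]["binary"].rsplit("/", 1)[-1]
        hits[pod] += 1
        if launcher in SUSPECT_LAUNCHERS:
            reasons.setdefault(pod, set()).add(f"launched by {launcher}")
    result = {}
    for pod, count in hits.items():
        why = set(reasons.get(pod, ()))
        if count >= REPEAT_THRESHOLD:
            why.add(f"{count} hits")
        result[pod] = ("escalate" if why else "review", sorted(why))
    return result

if __name__ == "__main__":
    for pod, (verdict, why) in triage(SAMPLE_LOG).items():
        print(pod, verdict, ", ".join(why) or "no escalation criteria met")
```

A "review" verdict means the hit is logged for a human to look at, while "escalate" is reserved for pods that meet at least one of the stated criteria.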
More on eBPF and Tetragon is available in my book Docker and Kubernetes Security, Chapter 8.