Make runtime monitoring testable, fix image sizes to be more readable

lab/bin/reset-environment

@@ -52,6 +52,8 @@ fi
 
 kubectl delete pod load-generator --ignore-not-found > /dev/null
 
+kubectl delete namespace other --ignore-not-found > /dev/null
+
 kubectl apply -k $base_path --prune --all \
   --prune-whitelist=autoscaling/v1/HorizontalPodAutoscaler \
   --prune-whitelist=core/v1/Service \

website/docs/security/guardduty/runtime-monitoring/crypto-runtime.md

@@ -5,41 +5,34 @@ sidebar_position: 141
 
 This finding indicates that a container tried to do a cryto mining inside a Pod.
 
-To simulate the finding we'll be running a `ubuntu` image Pod in the `default` Namespace using the interactive mode, and from there run a couple of commands to start a crypto mining process, as an attacker would do.
+To simulate the finding we'll be running a `ubuntu` image Pod in the `default` namespace and from there run a couple of commands to simulate downloading a crypto mining process.
 
-Run the below command to run the Pod in an interactive mode.
+Run the below command to start the Pod:
 
 ```bash
-$ kubectl run -ti crypto --image ubuntu --rm --restart=Never
-If you don't see a command prompt, try pressing enter.
-root@crypto:/# 
+$ kubectl run crypto --namespace other --image ubuntu --restart=Never --command -- sleep infinity
 ```
 
-Inside the Pod, run the following commands to simulate a crypto miniing process.
+Next we can use `kubectl exec` to run a series of commands inside the Pod. First lets install the `curl` utility:
 
 ```bash
-$ apt update && apt install -y curl
-$ curl -s http://pool.minergate.com/zaq12wsxcde34rfvbgt56yhnmju78iklo90p > /dev/null &
-$ curl -s http://xmr.pool.minergate.com/p09olki87ujmnhy65tgbvfr43edcxsw21qaz  > /dev/null &
+$ kubectl exec crypto -n other -- bash -c 'apt update && apt install -y curl'
 ```
 
-These commands will trigger three different findings in the [GuardDuty Findings console](https://console.aws.amazon.com/guardduty/home#/findings).
+Next lets download the crypto mining process but dump the output to `/dev/null`:
 
-First one is `Execution:Runtime/NewBinaryExecuted`, which is related to the `curl` package installating via APT tool.
-
-![](assets/binary-execution.png)
+```bash
+$ kubectl exec crypto -n other -- bash -c 'curl -s http://pool.minergate.com/zaq12wsxcde34rfvbgt56yhnmju78iklo90p > /dev/null'
+```
 
-Take a closer look to the details of this findings, because they are related to the GuardDuty Runtime monitoring, it shows specific information regarding the Runtime, Context, and Processes.
+These commands will trigger two different findings in the [GuardDuty Findings console](https://console.aws.amazon.com/guardduty/home#/findings).
 
-Second and third ones, are `CryptoCurrency:Runtime/BitcoinTool.B!DNS` findings. Notice again that the finding details brings different information, this time showing the DNS_REQUEST action, and the **Threat inteligene Evidences**.
+The first one is `Execution:Runtime/NewBinaryExecuted` which is related to the `curl` package installating via the APT tool.
 
-![](assets/crypto-runtime.png)
+![](assets/binary-execution.png)
 
+Take a closer look to the details of this finding, which because they are related to the GuardDuty runtime monitoring show specific information regarding the runtime, context, and processes.
 
-To cleanup, just exit the Pod, and it should be deleted aftewards.
+The second is `CryptoCurrency:Runtime/BitcoinTool.B!DNS` findings. Notice again that the finding details brings different information, this time showing the `DNS_REQUEST` action, and the **Threat intelligence Evidences**.
 
-```bash
-$ root@crypto:/# exit
-exit
-pod "crypto" deleted
-```
+![](assets/crypto-runtime.png)