Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kubernetes from an Attacker's Perspective - fwd:CloudSec 2020

Kubernetes from an Attacker's Perspective - fwd:CloudSec 2020

Kubernetes is everywhere, a container orchestration platform that is actively supported by all major cloud providers and adopted by companies across size and scale. However, the distributed nature of the system at its core has new and interesting security implications that cannot be tested using conventional tools and techniques.

This talk is aimed for anyone interested in exploring the depths of Kubernetes security from an attacker's perspective including DevSecOps Teams looking to defend against attacker tools and techniques.

The session will provide a high-level overview of Kubernetes architecture from an attacker's perspective i.e. what can be attacked. Subsequently look at, through demos, modern attacker tools and techniques using various real-world scenarios for attacking applications and components in a Kubernetes cluster.

Abhisek Datta

June 30, 2020

More Decks by Abhisek Datta

Other Decks in Technology


  1. Kubernetes From an Attacker's Perspective Abhisek Datta Head, Security Products

  2. fwd:cloudsec 2020 https://fwdcloudsec.org/

  3. About Me – Abhisek Datta • Head, Security Products (appsecco.com)

    • Application & Cloud Security • Kubernetes Security • TechWing @ null0x00 (null.co.in) • An Open Security Community • Security Researcher • Discovered vulnerabilities in enterprise software and credited with CVE • Open Source Contributor • https://github.com/abhisek @abh1sek on Twitter
  4. 1. A quick introduction to Kubernetes 2. Kubernetes from an

    Attacker's Perspective 3. Attacking Kubernetes (Scenario) Key Take Away
  5. Kubernetes Architecture https://v1-16.docs.kubernetes.io/docs/concepts/overview/components/

  6. Kubernetes: From an Attacker's Perspective https://v1-16.docs.kubernetes.io/docs/concepts/overview/components/

  7. A Simple Threat Model WHO ARE THE ATTACKERS? WHAT CAN

  8. A Simple Threat Model Detailed Threat Model available from CNCF/TOB

  9. Demo(s)

  10. • Check out my slides on Kubernetes 101 for Penetration

    Testers – Meant as a reference to do hands-on • https://speakerdeck.com/abhisek/kubernetes-101-for-penetration-testers-null-mumbai • Try out Appsecco's free training labs on Docker & Kubernetes security • https://github.com/appsecco/attacking-and-auditing-docker-containers-and-kubernetes- clusters • Try out Kubernetes Goat by @madhuakula • https://github.com/madhuakula/kubernetes-goat Getting Started with Kubernetes Penetration Test
  11. Kubernetes ATT&CK Matrix https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/

  12. • The Illustrated Children's Guide to Kubernetes • https://www.cncf.io/the-childrens-illustrated-guide-to-kubernetes/ •

    Get started with learning Docker (Containers) • https://www.katacoda.com/courses/docker • Get started with learning Kubernetes using Katacoda • https://www.katacoda.com/courses/kubernetes • Attacking and Auditing Docker Containers and Kubernetes Clusters – Our recently released training material • https://bit.ly/k8s-pentesting Useful Resources
  13. • Hacker Container for Kubernetes Security Assessments • Hacking and

    Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec • Advanced Persistent Threats: The Future of Kubernetes Attacks • Kubernetes From an Attacker's Perspective — OWASP Bay Area Meetup • CIS Benchmark for Kubernetes • aquasecurity/kube-hunter: Hunt for security weaknesses in Kubernetes clusters • aquasecurity/kube-bench: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark • kelseyhightower/kubernetes-the-hard-way: Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts. More Useful Resources..
  14. • https://www.cisecurity.org/benchmark/docker/ • https://www.cisecurity.org/benchmark/kubernetes/ • https://cloud.google.com/kubernetes- engine/docs/concepts/cis-benchmarks • https://www.cisecurity.org/benchmark/ubuntu_linux/ (Relevant)

    CIS Benchmarks
  15. Thank You Keep Learning https://twitter.com/abh1sek https://github.com/abhisek Please provide feedback https://bit.ly/fwdcs-13