Kubernetes from an Attacker's Perspective - fwd:CloudSec 2020

Kubernetes is everywhere: a container orchestration platform that is actively supported by all major cloud providers and adopted by companies of every size and scale. However, the distributed nature of the system at its core has new and interesting security implications that cannot be tested using conventional tools and techniques.

This talk is aimed at anyone interested in exploring the depths of Kubernetes security from an attacker's perspective, including DevSecOps teams looking to defend against attacker tools and techniques.

The session will provide a high-level overview of Kubernetes architecture from an attacker's perspective, i.e. what can be attacked. It will then look, through demos, at modern attacker tools and techniques, using various real-world scenarios for attacking applications and components in a Kubernetes cluster.

Abhisek Datta

June 30, 2020
Transcript

Slide 3: About Me – Abhisek Datta

  • Head, Security Products (appsecco.com)
  • Application & Cloud Security
  • Kubernetes Security
  • TechWing @ null0x00 (null.co.in)
    • An Open Security Community
  • Security Researcher
    • Discovered vulnerabilities in enterprise software and credited with CVE
  • Open Source Contributor
  • https://github.com/abhisek
  • @abh1sek on Twitter

Slide 4

  1. A quick introduction to Kubernetes
  2. Kubernetes from an Attacker's Perspective
  3. Attacking Kubernetes (Scenario)
  Key Take Away

Slide 7: A Simple Threat Model

  WHO ARE THE ATTACKERS?
  WHAT CAN THEY ATTACK?
  HOW CAN THEY ATTACK?

Slide 8: A Simple Threat Model

  Detailed Threat Model available from CNCF/TOB
  https://github.com/kubernetes/community/tree/master/wg-security-audit

Slide 9: (no transcribed text)

Slide 10: Getting Started with Kubernetes Penetration Test

  • Check out my slides on Kubernetes 101 for Penetration Testers – Meant as a reference to do hands-on
    • https://speakerdeck.com/abhisek/kubernetes-101-for-penetration-testers-null-mumbai
  • Try out Appsecco's free training labs on Docker & Kubernetes security
    • https://github.com/appsecco/attacking-and-auditing-docker-containers-and-kubernetes-clusters
  • Try out Kubernetes Goat by @madhuakula
    • https://github.com/madhuakula/kubernetes-goat

Slide 12: Useful Resources

  • The Illustrated Children's Guide to Kubernetes
    • https://www.cncf.io/the-childrens-illustrated-guide-to-kubernetes/
  • Get started with learning Docker (Containers)
    • https://www.katacoda.com/courses/docker
  • Get started with learning Kubernetes using Katacoda
    • https://www.katacoda.com/courses/kubernetes
  • Attacking and Auditing Docker Containers and Kubernetes Clusters – Our recently released training material
    • https://bit.ly/k8s-pentesting

Slide 13: More Useful Resources

  • Hacker Container for Kubernetes Security Assessments
  • Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec
  • Advanced Persistent Threats: The Future of Kubernetes Attacks
  • Kubernetes From an Attacker's Perspective – OWASP Bay Area Meetup
  • CIS Benchmark for Kubernetes
  • aquasecurity/kube-hunter: Hunt for security weaknesses in Kubernetes clusters
  • aquasecurity/kube-bench: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • kelseyhightower/kubernetes-the-hard-way: Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.