Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DIY Kubernetes Pen Testing

Liz Rice
May 23, 2019
Technology
1
260

DIY Kubernetes Pen Testing

Check for insecure configurations with kube-hunter! This talk shows what kube-hunter is doing and how an attacker might take advantage of insecure configurations in a kubernetes cluster. You can watch a recording of this talk from KubeCon Barcelona here: https://www.youtube.com/watch?v=fVqCAUJiIn0

Liz Rice

May 23, 2019
Tweet

More Decks by Liz Rice

See All by Liz Rice
Unleashing the kernel with eBPF
lizrice
0
11
eBPF's Abilities and Limitations: The Truth
lizrice
0
27
Simplifying multi-cloud and multi-cluster Kubernetes deployments with Cilium
lizrice
0
11
When is a Secure Connection not encrypted? And other stories
lizrice
1
17
Keeping it simple: Cilium Mesh - networking for multi-cloud Kubernetes and beyond
lizrice
1
460
How Many Proxies Do You Need
lizrice
1
100
eBPF for Security Observability
lizrice
0
1k
Beginner's Guide to eBPF Programming for Networking
lizrice
1
2k
Contributing to Open Source - what's in it for my business?
lizrice
0
35

Other Decks in Technology

See All in Technology
LLM とプロンプトエンジニアリング/チューターをビルドする / LLM and Prompt Engineering and Building Tutors
ks91
PRO
0
250
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
180
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
330
ユーザーストーリーのレビューを自動化したみたの
bun913
1
410
アクセス制御にまつわる改善 / Improving access control
itkq
0
500
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
430
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
160
web-application-security
matsuihidetoshi
0
120
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
170
反実仮想機械学習とは何か
usaito
PRO
8
3k
生産性向上チームの紹介
cybozuinsideout
PRO
1
850

Featured

See All Featured
Fireside Chat
paigeccino
21
2.6k
Web Components: a chance to create the future
zenorocha
305
41k
GraphQLとの向き合い方2022年版
quramy
32
12k
Adopting Sorbet at Scale
ufuk
68
8.6k
Typedesign – Prime Four
hannesfritz
36
2.1k
The Straight Up "How To Draw Better" Workshop
denniskardys
227
130k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Designing Experiences People Love
moore
136
23k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
78
42k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Learning to Love Humans: Emotional Interface Design
aarron
267
39k
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.8k

Transcript

  1. None

  2. • • • • Image Jefferson Santos on Unsplash

  3. Image nmap.org

  4. None

  5. ▪ ▪ ▪ github.com/aquasecurity/kube-hunter

  6. Image mario on Flick

  7. Welcome to Club KubeCon Free entry! Show me your ID

    If you’re not on the list, you’re not coming in Image Channel 4

  8. Image Foundry Co from Pixabay

  9. Image Kerstin Riemer from Pixabay

  10. • curl <IP address>:8080 curl <IP address>:8080/api/v1 curl <IP address>:8080/api/v1/namespaces

    curl <IP address>:8080/api/v1/namespaces/default/pods

  11. • curl -k https://<IP address>:6443

  12. Image Pixabay

  13. • curl -k https://<IP address>:6443/swaggerapi curl -k https://<IP address>:6443/healthz curl

    -k https://<IP address>:6443/api/v1

  14. Image Rudy and Peter Skitterians on Pixabay

  15. Kubernetes cluster pod token API server

  16. → Image cocoparisienne on Pixabay

  17. None

  18. curl -k https://<IP address>:2379 curl -k https://<IP address>:2379/version

  19. None

  20. curl -k https://<IP address>:10250 curl -k https://<IP address>:10250/metrics curl -k

    https://<IP address>:10250/pods
  21. None
  22. None

  23. Kubernetes cluster pod token API server

  24. ▪ ▪

  25. Image Free-Photos on Pixabay

  26. Image IAOM-US on Pixabay

  27. @handler.subscribe(NewHostEvent) class PortDiscovery(Hunter): def execute(self): for p in default_ports: if

    self.test_connection(self.host, p): self.publish_event(OpenPortEvent(port=p))

  28. @handler.subscribe(OpenPortEvent, predicate= lambda x: x.port == 10255 or x.port ==

    10250) class KubeletDiscovery(Hunter): def get_read_access(self): r = requests.get("http://{host}:{port}/metrics") if r.status_code == 200: self.publish_event(ReadKubeletEvent())

  29. @handler.subscribe(ReadKubeletEvent) class ReadKubeletPortHunter(Hunter): def execute(self): k8s_version = self.get_k8s_version() if k8s_version:

    self.publish_event(K8sVersionDisclosure( version=k8s_version))

  30. class K8sVersionDisclosure(Vulnerability, Event): def __init__(self, version): Vulnerability.__init__(self, Kubelet, "K8s Version

    Disclosure", category=InformationDisclosure) self.evidence = version

  31. Image Rolf Johansson on Pixabay

  32. None