Interactive Kubernetes Security Learning Playground - Kubernetes Goat @ Black Hat Asia 2023 Arsenal

Transcript

1. #BHASIA @BlackHatEvents Interactive Kubernetes Security Learning Playground - Kubernetes Goat

   Madhu Akula @madhuakula

2. # BHASIA @BlackHatEvents Information Classification: General 👉 Pragmatic Security Leader,

   working on Cloud Native Infra, Security, & Startups 👉 Creator of Kubernetes Goat, Hacker Container, tools.tldr.run, other projects. 👉 Speaks & Trains at Black Hat (USA, EU, Asia), DEF CON, GitHub, USENIX, OWASP, All Day DevOps, SANS, DevSecCon, CNCF, c0c0n, Nullcon, null, many others around the globe. 👉 Author of Security Automation with Ansible2, OWASP KSTG, whitepapers, etc. 👉 Technical reviewer (multiple books) & Review board member of multiple conferences, organizations, communities, advisory, etc. 👉 Found security vulnerabilities in 200+ organizations & products: Google, Microsoft, AT&T, Adobe, WordPress, Ntop, Cloudflare, Yahoo, LocalBitcoins, etc. 👉 Certified Kubernetes(CKA/CKS), Offensive Security Certified Professional, etc. 👉 Never ending learner! About Me 😊 @madhuakula

3. # BHASIA @BlackHatEvents Information Classification: General What is Docker? https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/#going-back-in-time

   @madhuakula

4. # BHASIA @BlackHatEvents Information Classification: General What is Docker? •

   Docker is an open source platform for building, deploying, and managing containerized applications • Docker became the de facto standard to build and share containerized apps - from desktop, to the cloud, even edge devices • Docker enables developers to easily pack, ship, and run any application as a lightweight, portable, self-sufficient container, which can run virtually anywhere https://docs.docker.com/get-started/overview/ @madhuakula

5. # BHASIA @BlackHatEvents Information Classification: General What is Kubernetes? Kubernetes

   is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available. https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/ @madhuakula

6. # BHASIA @BlackHatEvents Information Classification: General What is Kubernetes? @madhuakula

7. # BHASIA @BlackHatEvents Information Classification: General The illustrated children's guide

   to Kubernetes https://www.youtube.com/watch?v=3I9PkvZ80BQ @madhuakula

8. # BHASIA @BlackHatEvents Information Classification: General Why Kubernetes Security? @madhuakula

   @madhuakula

9. # BHASIA @BlackHatEvents Information Classification: General 📚 Kubernetes Security -

   Layers & Areas @madhuakula

10. # BHASIA @BlackHatEvents Information Classification: General How can we learn

    and practice this? @madhuakula

11. # BHASIA @BlackHatEvents Information Classification: General What is Kubernetes Goat

    🐐 @madhuakula

12. # BHASIA @BlackHatEvents Information Classification: General Kubernetes Goat has intentionally

    created vulnerabilities, applications, and configurations to attack and gain access to your cluster and workloads. Please DO NOT run alongside your production environments and infrastructure. So we highly recommend running this in a safe and isolated environment. Kubernetes Goat is used for educational purposes only, do not test or apply these attacks on any systems without permission. Kubernetes Goat comes with absolutely no warranties, by using it you take full responsibility for all the outcomes. 🚨 Disclaimer @madhuakula

13. # BHASIA @BlackHatEvents Information Classification: General Can I use Kubernetes

    Goat 🤔 Kubernetes Goat is intended for a variety of audiences and end-users. Which includes hackers, attackers, defenders, developers, architects, DevOps teams, engineers, researchers, products, vendors, and anyone interested in learning about Kubernetes Security. Below are some of the very high-level categories of audience 💥 Attackers & Red Teams 🛡 Defenders & Blue Teams 🧰 Products & Vendors 🔐 Developers & DevOps Teams 💡 Interested in Kubernetes Security @madhuakula

14. # BHASIA @BlackHatEvents Information Classification: General 🔥 Kubernetes Goat Audience

    @madhuakula

15. # BHASIA @BlackHatEvents Information Classification: General Scenarios 🚀 1. Sensitive

    keys in codebases 2. DIND (docker-in-docker) exploitation 3. SSRF in the Kubernetes (K8S) world 4. Container escape to the host system 5. Docker CIS benchmarks analysis 6. Kubernetes CIS benchmarks analysis 7. Attacking private registry 8. NodePort exposed services 9. Helm v2 tiller to PwN the cluster - [Deprecated] 10. Analyzing crypto miner container 11. Kubernetes namespaces bypass 12. Gaining environment information 13. DoS the Memory/CPU resources 14. Hacker container preview 15. Hidden in layers 16. RBAC least privileges misconfiguration 17. KubeAudit - Audit Kubernetes clusters 18. Falco - Runtime security monitoring & detection 19. Popeye - A Kubernetes cluster sanitizer 20. Secure network boundaries using NSP 21. Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement 22. Securing Kubernetes Clusters using Kyverno Policy Engine More scenarios releasing soon… ❤ @madhuakula

16. # BHASIA @BlackHatEvents Information Classification: General ☸ Vanilla Kubernetes Cluster

    ☁ AWS Kubernetes (EKS) ☁ GCP Kubernetes (GKE) ☁ Azure Kubernetes (AKS) ☸ Kubernetes IN Docker (KiND) ☸ Lightweight Kubernetes (K3S) - Coming soon 👀 ☸ Digital Ocean, Vagrant, Many others… ⚙ How can I setup @madhuakula

17. # BHASIA @BlackHatEvents Information Classification: General • Make sure you

    have Kubernetes cluster with cluster-admin privileges. Also kubectl and helm installed in your system before running the following commands to setup the Kubernetes Goat ⎈ Setting up in your Cluster • Now you can access the Kubernetes Goat by navigating to http://127.0.0.1:1234 @madhuakula

18. # BHASIA @BlackHatEvents Information Classification: General ⚡ Getting Started @madhuakula

19. # BHASIA @BlackHatEvents Information Classification: General ⚡ Getting Started @madhuakula

20. # BHASIA @BlackHatEvents Information Classification: General ⚡ Getting Started https://madhuakula.com/kubernetes-goat

    @madhuakula

21. # BHASIA @BlackHatEvents Information Classification: General OWASP Kubernetes Top 10

    https://owasp.org/www-project-kubernetes-top-ten/ @madhuakula

22. # BHASIA @BlackHatEvents Information Classification: General 🛡 MITRE ATT&CK -

    Kubernetes Goat https://madhuakula.com/kubernetes-goat/docs/mitre/mitre-attack @madhuakula

23. # BHASIA @BlackHatEvents Information Classification: General ☸ 🐐 Demo Time

    🤞 🙏 @madhuakula

24. # BHASIA @BlackHatEvents Information Classification: General 🥳 Kubernetes Goat Adoption

    https://youtu.be/62_Cj6yseno?t=352 @madhuakula

25. # BHASIA @BlackHatEvents Information Classification: General 🏁 What’s Next 🏆

    Go to Kubernetes Security resources for anyone (from a variety experience and skills) 🔥 All scenarios will be updated with Defenders, Developers, Tools & Vendors sections 🚀 10+ more real-world hands-on scenarios coming (more and more will come 🏃…) ☸ One-click setups, various vendor related product testbeds, many more integrations 📝 Various OSS & Vendor tools (working with security vendors to bridge the gap 👋) 💥 Heavy push towards Developers, DevOps, Architects learning experience 🎉 Sponsors, roadmap, support, contributors, more global scope around Cloud Native @madhuakula

26. # BHASIA @BlackHatEvents Information Classification: General 🙌 Give it a

    try 🚀 Contribute ideas & suggestions 🤝 Work with the project & improve 🙏 Share your valuable feedback 🌟 Star in our GitHub 🎉 Spread word #KubernetesGoat Spread the ❤ #KubernetesGoat https://madhuakula.com/kubernetes-goat/docs/wall-of-love @madhuakula

27. # BHASIA @BlackHatEvents Information Classification: General Thank you 🙏 https://madhuakula.com

    @madhuakula https://madhuakula.com Want to learn more, have some idea, or just wanted to say 👋