├── LICENSE
├── README.md
├── art
├── HackingKubernetes.png
├── HackingKubernetes0.jpg
├── kubernetes_arquitecture.png
└── ports_kubernetes.png
└── pdf
├── Learn by Hacking.zip
└── k8s_cheatsheet.md
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2024 Andrej Marinchenko
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 | # HackingKubernetes
17 |
18 |
19 | HackingKubernetes - is a valuable resource and a leading container management system in development pipelines across
20 | the world, but it’s not exempt from malicious attacks. Using Kubernetes requires a deep understanding of Kubernetes’
21 | environment—including the different vulnerabilities you can be exposed to while creating, deploying, or running
22 | applications in your clusters.
23 |
24 | Since your Kubernetes cluster is likely one of your most valuable cloud resources, it needs to be protected.
25 | Kubernetes’ security addresses the safety of your cloud, application clusters, containers, apps and code. Although
26 | Kubernetes provides inherent security advantages, bolstering your defensive tactics is crucial to protecting your
27 | system against hackers and other cybersecurity threats.
28 |
29 | ## Intro
30 | - [OWASP Kubernetes Top Ten](https://owasp.org/www-project-kubernetes-top-ten/)
31 | - [Kubernetes adoption, security, and market trends report](https://www.redhat.com/en/resources/kubernetes-adoption-security-market-trends-overview)
32 |
33 |
34 | ### Official documentation kubernetes
35 | - [Kubernetes Documentation](https://kubernetes.io/docs/home/)
36 | - [Github repo kubernetes](https://github.com/kubernetes/kubernetes/)
37 | - [11 Ways (Not) to Get Hacked](https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/)
38 | - [Security kubernetes](https://kubernetes.io/docs/concepts/security/)
39 | - [Docker Engine security](https://docs.docker.com/engine/security/)
40 | -
41 |
42 | ### Security resources
43 | - [Container Security Site](https://www.container-security.site/)
44 | - [KubeCon + CloudNativeCon Europe 2024](https://www.youtube.com/playlist?list=PLj6h78yzYM2N8nw1YcqqKveySH6_0VnI0)
45 | - [Cloud native computing foundation](https://www.cncf.io/)
46 |
47 | ### Intro from TryHackMe (free)
48 | - [Intro to IaC](https://tryhackme.com/r/room/introtoiac)
49 | - [Intro to IaC with answers](https://github.com/BEPb/tryhackme/blob/master/01.easy/Intro%20to%20IaC.md)
50 | - [Microservices Architectures](https://tryhackme.com/r/room/microservicearchitectures)
51 | - [Microservices Architectures with answers](https://github.com/BEPb/tryhackme/blob/master/01.easy/Microservices%20Architectures.md)
52 | - [Kubernetes for Everyone](https://tryhackme.com/r/room/kubernetesforyouly)
53 | - [Kubernetes for Everyone with answers](https://github.com/BEPb/tryhackme/blob/master/02.Medium/Kubernetes%20for%20Everyone.md)
54 | - [K8s Best Security Practices](https://tryhackme.com/r/room/k8sbestsecuritypractices)
55 | - [K8s Best Security Practices with answers](https://github.com/BEPb/tryhackme/blob/master/02.Medium/K8s%20Best%20Security%20Practices.md)
56 | - [Cluster Hardening](https://tryhackme.com/r/room/clusterhardening)
57 | - [Cluster Hardening with answers](https://github.com/BEPb/tryhackme/blob/master/02.Medium/Cluster%20Hardening.md)
58 | - [Frank & Herby make an app](https://tryhackme.com/r/room/frankandherby)
59 | - [Frank & Herby make an app with answers](https://github.com/BEPb/tryhackme/blob/master/02.Medium/Frank%20%26%20Herby%20make%20an%20app.md)
60 |
61 | ### Intro from vmware
62 | - [What is Kubernetes?](https://www.vmware.com/topics/kubernetes)
63 | - [What is DevSecOps?](https://tanzu.vmware.com/devsecops)
64 | - [What is Kubernetes Architecture?](https://www.vmware.com/topics/kubernetes-architecture)
65 | - [What are Kubernetes Services?](https://www.vmware.com/topics/kubernetes-services)
66 | - [What is Kubernetes Security?](https://www.vmware.com/topics/kubernetes-security)
67 | - [What is Kubernetes Networking?](https://www.vmware.com/topics/kubernetes-networking)
68 | - [What are Kubernetes Clusters vs. Nodes vs. Pods vs. Containers vs. Containerized Applications?](https://www.vmware.com/topics/components-kubernetes)
69 | - [What are Kubernetes Pods?](https://www.vmware.com/topics/kubernetes-pods)
70 |
71 | ### Intro fromm yarsalabs
72 | - [A Deep Dive Into Kubernetes Pods](https://blog.yarsalabs.com/a-deep-dive-into-kubernetes-pods/)
73 | - [Installing the Components required for a Kubernetes Cluster](https://blog.yarsalabs.com/kubernetes-cluster-from-scratch-part1/)
74 | - [TLS Certificates Management for a Kubernetes Cluster](https://blog.yarsalabs.com/kubernetes-cluster-from-scratch-part2/)
75 | - [ETCD Server Setup for a Kubernetes Cluster](https://blog.yarsalabs.com/kubernetes-cluster-from-scratch-part3/)
76 | - [Generating Kubernetes Configuration Files for Authentication](https://blog.yarsalabs.com/kubernetes-cluster-from-scratch-part4/)
77 | - [Creating the Kubernetes Control Plane](https://blog.yarsalabs.com/kubernetes-cluster-from-scratch-part5/)
78 |
79 |
80 | ### Cheatsheets
81 |
82 | - [quick reference](https://kubernetes.io/docs/reference/kubectl/quick-reference/)
83 | - [k8s_cheatsheet.md](https://github.com/BEPb/HackingKubernetes/blob/master/pdf/k8s_cheatsheet.md)
84 | - [k8s-cheat-sheet](https://encore.dev/resources/k8s-cheat-sheet)
85 | - [kubernetes-cheat-sheet](https://www.mirantis.com/blog/kubernetes-cheat-sheet)
86 | - [Kubernetes Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html#securing-data)
87 |
88 |
89 |
90 |
91 | ### Atricles How to Hack Kubernetes
92 | - [How to Hack Kubernetes (and How to Protect It)](https://goteleport.com/blog/how-to-hack-kubernetes/)
93 | - [Securing Kubernetes Clusters by Eliminating Risky Permissions](https://www.cyberark.com/resources/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions)
94 | - [Kubernetes Pentest Methodology Part 1](https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-1)
95 | - [Kubernetes Pentest Methodology Part 2](https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-2)
96 | - [Kubernetes Pentest Methodology Part 3](https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-3)
97 | - [Eight Ways to Create a Pod](https://www.cyberark.com/resources/threat-research-blog/eight-ways-to-create-a-pod)
98 | - [Kubernetes Pod Escape Using Log Mounts](https://www.aquasec.com/blog/kubernetes-security-pod-escape-log-mounts/)
99 | - [The Route to Root: Container Escape Using Kernel Exploitation](https://www.cyberark.com/resources/threat-research-blog/the-route-to-root-container-escape-using-kernel-exploitation)
100 | - [Attacking Kubernetes clusters using the Kubelet API](https://faun.pub/attacking-kubernetes-clusters-using-the-kubelet-api-abafc36126ca)
101 | - [Threat matrix for Kubernetes](https://www.microsoft.com/en-us/security/blog/2020/04/02/attack-matrix-kubernetes/)
102 | - [Secure containerized environments with updated threat matrix for Kubernetes](https://www.microsoft.com/en-us/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/)
103 | - [Introduction to GKE Kubelet TLS Bootstrap Privilege Escalation](https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/)
104 | - [Bad Pods: Kubernetes Pod Privilege Escalation](https://bishopfox.com/blog/kubernetes-pod-privilege-escalation)
105 | - [Bad Pods github](https://github.com/BishopFox/badPods)
106 | - [Hacking Kubelet on Google Kubernetes Engine](https://www.4armed.com/blog/hacking-kubelet-on-gke/)
107 |
108 | ### PDF
109 | - [Learn by Hacking](https://github.com/calinah/learn-by-hacking-kccn/blob/master/Learn%20by%20Hacking.pdf)
110 | -
111 |
112 | ### Kubernetes Security
113 | - [Kubernetes Security Best Practices everyone must follow](https://www.cncf.io/blog/2019/01/14/9-kubernetes-security-best-practices-everyone-must-follow)
114 | - [Securing a Cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster)
115 | - [Security Best Practices for Kubernetes Deployment](https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment)
116 | - [Kubernetes Security Best Practices](https://phoenixnap.com/kb/kubernetes-security-best-practices)
117 | - [Kubernetes Security 101: Risks and 29 Best Practices](https://www.stackrox.com/post/2020/05/kubernetes-security-101)
118 | - [15 Kubernetes security best practice to secure your cluster](https://www.mobilise.cloud/15-kubernetes-security-best-practice-to-secure-your-cluster)
119 | - [The Ultimate Guide to Kubernetes Security](https://neuvector.com/container-security/kubernetes-security-guide)
120 | - [11 Ways (Not) to Get Hacked](https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked)
121 | - [12 Kubernetes configuration best practices](https://www.stackrox.com/post/2019/09/12-kubernetes-configuration-best-practices/#6-securely-configure-the-kubernetes-api-server)
122 | - [A Practical Guide to Kubernetes Logging](https://logz.io/blog/a-practical-guide-to-kubernetes-logging)
123 | - [Kubernetes Web UI (Dashboard)](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard)
124 | - [OPEN POLICY AGENT: CLOUD-NATIVE AUTHORIZATION](https://blog.styra.com/blog/open-policy-agent-authorization-for-the-cloud)
125 | - [Introducing Policy As Code: The Open Policy Agent (OPA) ](https://www.magalix.com/blog/introducing-policy-as-code-the-open-policy-agent-opa)
126 | - [What service mesh provides](https://aspenmesh.io/wp-content/uploads/2019/10/AspenMesh_CompleteGuide.pdf)
127 | - [Three Technical Benefits of Service Meshes and their Operational Limitations, Part 1](https://glasnostic.com/blog/service-mesh-istio-limits-and-benefits-part-1)
128 | - [Open Policy Agent: What Is OPA and How It Works (Examples)](https://spacelift.io/blog/what-is-open-policy-agent-and-how-it-works)
129 | - [Send Kubernetes Metrics To Kibana and Elasticsearch](https://logit.io/sources/configure/kubernetes/)
130 | - [Kubernetes Security Checklist](https://kubernetes.io/docs/concepts/security/security-checklist/)
131 |
132 |
Container & Kubernetes Security Tools
This is a list of open source tools which help with areas related to Container security. Some of the tools in this list don’t fit neatly into a specific category or categories, so they’re listed with the closest option.
namespacehound - Tool to test a cluster for possible namespace breakouts where multi-tenancy is in use.
Kubelet Tools
kubeletctl - This is a good tool to automate the process of assessing a kubelet instance. If the instance is vulnerable it can also carry out some exploit tasks
kubelet dumper - PoC tool to dump Kubelet configurations for review.
etcd Tools
auger - Tool for decoding information pulled directly from the etcd database
Inevitably over time, some tools will become unmaintained and deprecated. Whilst they may still work ok, caution is needed. If I’ve listed you here and you’re not deprecated just open an issue to move it back :)
kube-hunter - Tool to test and exploit standard Kubernetes Security Vulnerabilities
kubectl-who-can - Tool that lets you ask “who can” do things in RBAC, e.g. who can get secrets
rakkess - Shows the RBAC permissions available to a user as a list
rback - tool for graphical representation of RBAC permissions in a kubernetes cluster
amicontained - will show you information about the container runtime and rights you have
kubedagger - Kubernetes offensive framework built in eBPF.
kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments