├── .gitignore
├── README.md
├── gist
    ├── docker_api
    │   ├── 1_curl_api.sh
    │   ├── 2_ps_and_run_a_container.sh
    │   └── poc.py
    ├── get_secert
    │   └── curl.sh
    ├── privileged
    │   ├── 1-host-ps.sh
    │   ├── docker_run_cmd.sh
    │   ├── k8s_new.yaml
    │   └── k8s_new_cmd.sh
    ├── readme.md
    ├── service_account
    │   ├── exec.sh
    │   ├── masscan_pod.yaml
    │   ├── set_cert.sh
    │   └── simple.yaml
    ├── set_target.sample.sh
    └── try_google_cloud
    │   ├── 1_startup_github_project.sh
    │   ├── 2_host_info.sh
    │   └── host_root.sh
├── mdimg
    ├── 20220521115419.png
    ├── 20220521122243.png
    ├── 20220521123149.png
    ├── 20220521225818.png
    ├── 20220521230036.png
    ├── 20220521230825.png
    ├── 20220521231424.png
    └── kyubey.gif
├── paper
    ├── 1.如何从Kubernetes节点权限提升至集群管理员权限.md
    ├── 2.红蓝对抗中的云原生漏洞挖掘及利用实录.md
    ├── 3.容器场景下Chromium组件风险剖析与收敛.md
    ├── 4.使用eBPF逃逸容器技术分析与实践.md
    ├── 5.内核实现之外CVE-2022-0492被忽视的关键点.md
    └── mdimg
    │   ├── 2022-03-25-13-18-17.png
    │   ├── 2022-03-25-13-20-21.png
    │   ├── 2022-03-25-13-26-37.png
    │   ├── 2022-03-25-13-32-44.png
    │   ├── 2022-03-25-13-45-52.png
    │   ├── 2022-03-25-13-53-05.png
    │   ├── 2022-03-25-16-47-00.png
    │   ├── 20220504234128.png
    │   ├── 20220505000131.png
    │   ├── 20220505193755.png
    │   ├── 20220505193819.png
    │   ├── 20220505194138.png
    │   ├── 20220505194155.png
    │   ├── 20220505194257.png
    │   ├── 20220505194359.png
    │   ├── 20220505194433.png
    │   ├── 20220505194451.png
    │   ├── 20220505194527.png
    │   ├── 20220505194631.png
    │   ├── 20220506143442.png
    │   ├── 20220510155125.png
    │   ├── 20220511210624.png
    │   ├── 20220511211051.png
    │   ├── 20220522212511.png
    │   ├── 20220522222023.png
    │   ├── 20220522224228.png
    │   ├── 20220522225633.png
    │   ├── 20220522230442.png
    │   ├── 20220522233321.png
    │   └── 20220523002153.png
└── slide
    ├── 2019 jingqicon - Red vs Blue for containerized application.pdf
    ├── 2020 CIS - Attack in a Service Mesh - Public.pptx.pdf
    ├── 2021 BlackHat ASIA Arsenal - Zero Dependency Container Penetration Toolkit.pdf
    ├── 2021 HITB - Attack Cloud Native Kubernetes.pdf
    ├── 2021 WHC - 多租户容器集群权限提升的攻防对抗.pdf
    ├── 2021 WHC2021 CDK-Also-a-Awesome-BugBounty-Tool-for-Cloud-Platform.pptx.pdf
    ├── 2022  TBGF- A Bugbounty Story of “Cloud-Native”.pptx.pdf
    ├── CNCF KubeCon & CloudNativeCon - Redteam Views Security Practice of K8s Cluster Administrator.pdf
    └── README.md


/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/.gitignore


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/README.md


--------------------------------------------------------------------------------
/gist/docker_api/1_curl_api.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/docker_api/1_curl_api.sh


--------------------------------------------------------------------------------
/gist/docker_api/2_ps_and_run_a_container.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/docker_api/2_ps_and_run_a_container.sh


--------------------------------------------------------------------------------
/gist/docker_api/poc.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/docker_api/poc.py


--------------------------------------------------------------------------------
/gist/get_secert/curl.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/get_secert/curl.sh


--------------------------------------------------------------------------------
/gist/privileged/1-host-ps.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/privileged/1-host-ps.sh


--------------------------------------------------------------------------------
/gist/privileged/docker_run_cmd.sh:
--------------------------------------------------------------------------------
1 | docker run --privileged -it alpine sh


--------------------------------------------------------------------------------
/gist/privileged/k8s_new.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/privileged/k8s_new.yaml


--------------------------------------------------------------------------------
/gist/privileged/k8s_new_cmd.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/privileged/k8s_new_cmd.sh


--------------------------------------------------------------------------------
/gist/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/readme.md


--------------------------------------------------------------------------------
/gist/service_account/exec.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/service_account/exec.sh


--------------------------------------------------------------------------------
/gist/service_account/masscan_pod.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/service_account/masscan_pod.yaml


--------------------------------------------------------------------------------
/gist/service_account/set_cert.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/service_account/set_cert.sh


--------------------------------------------------------------------------------
/gist/service_account/simple.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/service_account/simple.yaml


--------------------------------------------------------------------------------
/gist/set_target.sample.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/set_target.sample.sh


--------------------------------------------------------------------------------
/gist/try_google_cloud/1_startup_github_project.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/try_google_cloud/1_startup_github_project.sh


--------------------------------------------------------------------------------
/gist/try_google_cloud/2_host_info.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/try_google_cloud/2_host_info.sh


--------------------------------------------------------------------------------
/gist/try_google_cloud/host_root.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/gist/try_google_cloud/host_root.sh


--------------------------------------------------------------------------------
/mdimg/20220521115419.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/20220521115419.png


--------------------------------------------------------------------------------
/mdimg/20220521122243.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/20220521122243.png


--------------------------------------------------------------------------------
/mdimg/20220521123149.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/20220521123149.png


--------------------------------------------------------------------------------
/mdimg/20220521225818.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/20220521225818.png


--------------------------------------------------------------------------------
/mdimg/20220521230036.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/20220521230036.png


--------------------------------------------------------------------------------
/mdimg/20220521230825.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/20220521230825.png


--------------------------------------------------------------------------------
/mdimg/20220521231424.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/20220521231424.png


--------------------------------------------------------------------------------
/mdimg/kyubey.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/mdimg/kyubey.gif


--------------------------------------------------------------------------------
/paper/1.如何从Kubernetes节点权限提升至集群管理员权限.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/1.如何从Kubernetes节点权限提升至集群管理员权限.md


--------------------------------------------------------------------------------
/paper/2.红蓝对抗中的云原生漏洞挖掘及利用实录.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/2.红蓝对抗中的云原生漏洞挖掘及利用实录.md


--------------------------------------------------------------------------------
/paper/3.容器场景下Chromium组件风险剖析与收敛.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/3.容器场景下Chromium组件风险剖析与收敛.md


--------------------------------------------------------------------------------
/paper/4.使用eBPF逃逸容器技术分析与实践.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/4.使用eBPF逃逸容器技术分析与实践.md


--------------------------------------------------------------------------------
/paper/5.内核实现之外CVE-2022-0492被忽视的关键点.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/5.内核实现之外CVE-2022-0492被忽视的关键点.md


--------------------------------------------------------------------------------
/paper/mdimg/2022-03-25-13-18-17.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/2022-03-25-13-18-17.png


--------------------------------------------------------------------------------
/paper/mdimg/2022-03-25-13-20-21.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/2022-03-25-13-20-21.png


--------------------------------------------------------------------------------
/paper/mdimg/2022-03-25-13-26-37.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/2022-03-25-13-26-37.png


--------------------------------------------------------------------------------
/paper/mdimg/2022-03-25-13-32-44.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/2022-03-25-13-32-44.png


--------------------------------------------------------------------------------
/paper/mdimg/2022-03-25-13-45-52.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/2022-03-25-13-45-52.png


--------------------------------------------------------------------------------
/paper/mdimg/2022-03-25-13-53-05.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/2022-03-25-13-53-05.png


--------------------------------------------------------------------------------
/paper/mdimg/2022-03-25-16-47-00.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/2022-03-25-16-47-00.png


--------------------------------------------------------------------------------
/paper/mdimg/20220504234128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220504234128.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505000131.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505000131.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505193755.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505193755.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505193819.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505193819.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194138.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194138.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194155.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194155.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194257.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194257.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194359.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194359.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194433.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194433.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194451.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194451.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194527.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194527.png


--------------------------------------------------------------------------------
/paper/mdimg/20220505194631.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220505194631.png


--------------------------------------------------------------------------------
/paper/mdimg/20220506143442.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220506143442.png


--------------------------------------------------------------------------------
/paper/mdimg/20220510155125.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220510155125.png


--------------------------------------------------------------------------------
/paper/mdimg/20220511210624.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220511210624.png


--------------------------------------------------------------------------------
/paper/mdimg/20220511211051.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220511211051.png


--------------------------------------------------------------------------------
/paper/mdimg/20220522212511.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220522212511.png


--------------------------------------------------------------------------------
/paper/mdimg/20220522222023.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220522222023.png


--------------------------------------------------------------------------------
/paper/mdimg/20220522224228.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220522224228.png


--------------------------------------------------------------------------------
/paper/mdimg/20220522225633.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220522225633.png


--------------------------------------------------------------------------------
/paper/mdimg/20220522230442.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220522230442.png


--------------------------------------------------------------------------------
/paper/mdimg/20220522233321.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220522233321.png


--------------------------------------------------------------------------------
/paper/mdimg/20220523002153.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/paper/mdimg/20220523002153.png


--------------------------------------------------------------------------------
/slide/2019 jingqicon - Red vs Blue for containerized application.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/2019 jingqicon - Red vs Blue for containerized application.pdf


--------------------------------------------------------------------------------
/slide/2020 CIS - Attack in a Service Mesh - Public.pptx.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/2020 CIS - Attack in a Service Mesh - Public.pptx.pdf


--------------------------------------------------------------------------------
/slide/2021 BlackHat ASIA Arsenal - Zero Dependency Container Penetration Toolkit.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/2021 BlackHat ASIA Arsenal - Zero Dependency Container Penetration Toolkit.pdf


--------------------------------------------------------------------------------
/slide/2021 HITB - Attack Cloud Native Kubernetes.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/2021 HITB - Attack Cloud Native Kubernetes.pdf


--------------------------------------------------------------------------------
/slide/2021 WHC - 多租户容器集群权限提升的攻防对抗.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/2021 WHC - 多租户容器集群权限提升的攻防对抗.pdf


--------------------------------------------------------------------------------
/slide/2021 WHC2021 CDK-Also-a-Awesome-BugBounty-Tool-for-Cloud-Platform.pptx.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/2021 WHC2021 CDK-Also-a-Awesome-BugBounty-Tool-for-Cloud-Platform.pptx.pdf


--------------------------------------------------------------------------------
/slide/2022  TBGF- A Bugbounty Story of “Cloud-Native”.pptx.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/2022  TBGF- A Bugbounty Story of “Cloud-Native”.pptx.pdf


--------------------------------------------------------------------------------
/slide/CNCF KubeCon & CloudNativeCon - Redteam Views Security Practice of K8s Cluster Administrator.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/CNCF KubeCon & CloudNativeCon - Redteam Views Security Practice of K8s Cluster Administrator.pdf


--------------------------------------------------------------------------------
/slide/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/re0-kubernetes-sec-archive/HEAD/slide/README.md


--------------------------------------------------------------------------------