Professional Documents
Culture Documents
K8s Pentenst
K8s Pentenst
All-in-one:
The Ultimate Toolkit
Sergey Kanibor
Luntry
@r0binak
whoami
Target Environment
MTKPI
Conclusions
Threat Actors
Compromised
External
Developer
Internal
§ Vulnerable applications
§ Vulnerable applications
§ Vulnerable applications
§ Misconfigured Docker/Containerd/CRIO
daemon
§ Vulnerable applications
§ Misconfigured Docker/Containerd/CRIO
daemon
§ Bad Pods
§ Bad Pods
§ Bad Pods
§ Bad Pods
§ Third-party instances
Compromised Developer
Compromised Developer
Compromised Developer
Link
§ Runtime Security
§ Network Policy
§ RBAC
Inspired by:
§ botty
§ Hacker container
§ netshoot
§ alpine-containertools
§ botb
§ deepce
§ botb
§ deepce
§ Privilege Escalation
§ Traitor
§ linuxprivchecker
§ botb
§ deepce
§ Privilege Escalation
§ Traitor
§ linuxprivchecker
§ Network
§ curl
§ dig
§ nc
§ There are a number of files and directories that contain information used by vulnerability scanners
and SBOM tools
§ There are a number of files and directories that contain information used by vulnerability scanners
and SBOM tools
§ No feeds == no vulns J
§ Modified /etc/os/release
§ Attacks in which the attacker uses legitimate utilities to perform malicious actions
§ Attacks in which the attacker uses legitimate utilities to perform malicious actions
§ Attacks in which the attacker uses legitimate utilities to perform malicious actions
§ GTFObins
§ Attacks in which the attacker uses legitimate utilities to perform malicious actions
§ GTFObins
§ hostNetwork: true
§ hostNetwork: true
§ https://github.com/blackberry/Falco-bypasses
§ https://www.antitree.com/2019/09/container-runtime-security-bypasses-on-falco/
§ https://www.youtube.com/watch?v=nGqWskXRSmo
§ https://github.com/falcosecurity/falco/security/advisories/GHSA-rfgw-vmxp-hp5g
§ With proper preparation, even secure environments aren't so secure after all
§ With proper preparation, even secure environments aren't so secure after all
§ With proper preparation, even secure environments aren't so secure after all
§ To ensure a high level of security in Kubernetes, strive for the ZeroTrust model
(NetworkPolicy, behavior models, AppArmor, Policy Engines, ...)
§ With proper preparation, even secure environments aren't so secure after all
§ To ensure a high level of security in Kubernetes, strive for the ZeroTrust model
(NetworkPolicy, behavior models, AppArmor, Policy Engines, ...)
§ MTKPI will both simplify pentesting and verify your actual level of security in
containerized environments
MTKPI @k8security