Tuesday, April 23, 2024

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library

Home
Security Creators Network
Webinars
Events
- Upcoming Events
- On-Demand Events
Sponsored Content
Chat
Library
Related Sites
Media Kit
About
Sponsor

Analytics
AppSec
CISO
Cloud
DevOps
GRC
Identity
Incident Response
IoT / ICS
Threats / Breaches
More
Humor

Hot Topics

Is Your Password Strong Enough? Brute Force Attack on the Rise!
Response to CISA Advisory (AA24-109A): #StopRansomware: Akira Ransomware
USENIX Security ’23 - The Case for Learned Provenance Graph Storage Systems
BreachRx Gets $6.5 Million to Automate Security Incident Response
What is CAS Integration?

Cloud Security Security Bloggers Network

Home » Cybersecurity » Cloud Security » Kubernetes: Master Post

Kubernetes: Master Post

by CG on January 7, 2019

I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i’m missing blog posts or useful resources ping me here or twitter.

Talks you should watch if you are interested in Kubernetes:

Hacking and Hardening Kubernetes Clusters by Example [I] – Brad Geesaman

https://www.youtube.com/watch?v=vTgQLzeBfRU
https://github.com/bgeesaman/
https://github.com/bgeesaman/hhkbe [demos for the talk above]
https://schd.ws/hosted_files/kccncna17/d8/Hacking%20and%20Hardening%20Kubernetes%20By%20Example%20v2.pdf

Perfect Storm Taking the Helm of Kubernetes Ian Coldwater

https://www.youtube.com/watch?v=1k-GIDXgfLw

A Hacker’s Guide to Kubernetes and the Cloud – Rory McCune

https://www.youtube.com/watch?v=dxKpCO2dAy8

Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes

https://www.youtube.com/watch?v=ohTq0no0ZVU

Blog Posts by others:
https://techbeacon.com/hackers-guide-kubernetes-security
https://elweb.co/the-security-footgun-in-etcd/
https://www.4armed.com/blog/hacking-kubelet-on-gke/
https://www.4armed.com/blog/kubeletmein-kubelet-hacking-tool/
https://www.4armed.com/blog/hacking-digitalocean-kubernetes/
https://github.com/freach/kubernetes-security-best-practice
https://neuvector.com/container-security/kubernetes-security-guide/
https://medium.com/@pczarkowski/the-kubernetes-api-call-is-coming-from-inside-the-cluster-f1a115bd2066
https://blog.intothesymmetry.com/2018/12/persistent-xsrf-on-kubernetes-dashboard.html
https://raesene.github.io/blog/2016/10/14/Kubernetes-Attack-Surface-cAdvisor/
https://raesene.github.io/blog/2017/05/01/Kubernetes-Security-etcd/

Techstrong Con 2024

Sponsorships Available

Sponsorships Available

Sponsorships Available

Auditing tools
https://github.com/Shopify/kubeaudit
https://github.com/aquasecurity/kube-bench
https://github.com/aquasecurity/kube-hunter

CG Posts:

Open Etcd: http://carnal0wnage.attackresearch.com/2019/01/kubernetes-open-etcd.html
Etcd with kube-hunter: http://carnal0wnage.attackresearch.com/2019/01/kubernetes-kube-hunterpy-etcd.html
cAdvisor: http://carnal0wnage.attackresearch.com/2019/01/kubernetes-cadvisor.html

Kubernetes dashboards
Kublet 10255
Kublet 10250
– Container Logs
– Getting shellz

Cloud Metadata Urls and Kubernetes

-I’ll update as they get posted

Recent Articles By Author

Jenkins – CVE-2018-1000600 PoC
Jenkins – decrypting credentials.xml
Jenkins Master Post

*** This is a Security Bloggers Network syndicated blog from Carnal0wnage & Attack Research Blog authored by CG. Read the original post at: http://carnal0wnage.attackresearch.com/2019/01/kubernetes-master-post.html

January 7, 2019January 7, 2019 CG Cloud, devoops, Hacking, Kubernetes, pentesting

← Lights out: Can the U.S. survive a ‘catastrophic’ power outage?
Marriott lowers estimate of customers affected by breach to 383 million, says 8.6 million encrypted payment cards involved →

Techstrong TV

Click full-screen to enable volume control

Watch latest episodes and shows

Upcoming Webinars

Mastering AI Security Posture Management for Cloud Security Professionals

Building better AppSec programs with ASPM

The Promise and Perils of AI

How Are You Protecting Your Company from API Security Breaches?

How Many Types of SBOM Are There?

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

Most Read on the Boulevard

Cheap ‘Junk-Gun Ransomware’ Emerging on the Dark Web

Vulnerabilities for AI and ML Applications are Skyrocketing

House Passes Privacy-Preserving Bill, but Biden Blasts it

LabHost Phishing Platform is Latest Target of International Law Agencies

Akira Ransomware Group Takes in $42 Million From 250 Attacks in a Year

USENIX Security ’23 – NRDelegationAttack: Complexity DDoS attack on DNS Recursive Resolvers

The Dark Side of EDR: Repurpose EDR as an Offensive Tool

What Makes Containers Vulnerable?

Review: ‘Artificial Intelligence — A Primer for State and Local Governments’

Choosing SOC Tools? Read This First [2024 Guide]

Industry Spotlight

API Security Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Deep Fake and Other Social Engineering Tactics Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Industry Spotlight Insider Threats IOT IoT & ICS Security Mobile Security Most Read This Week News Popular Post Regulatory Compliance Securing the Cloud Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches Zero-Trust

House Passes Privacy-Preserving Bill, but Biden Blasts it

April 18, 2024 Richi Jennings | 4 days ago 0

Application Security Cybersecurity Data Privacy Data Security DevOps Industry Spotlight Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight

XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation

April 17, 2024 Jeffrey Burt | Apr 17 0

Analytics & Intelligence Cyberlaw Cybersecurity Data Privacy Data Security Deep Fake and Other Social Engineering Tactics Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Insider Threats Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Challenges and Opportunities of Remote Work Security Operations Social - Facebook Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Zero-Trust

SIM Swappers Try Bribing T-Mobile and Verizon Staff $300

April 16, 2024 Richi Jennings | Apr 16 0

Top Stories

Cyberlaw Cybersecurity Data Privacy Data Security Featured Incident Response Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

BreachRx Gets $6.5 Million to Automate Security Incident Response

April 22, 2024 Jeffrey Burt | Yesterday 0

Cloud Security Cybersecurity Data Security Featured Malware Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches

Akira Ransomware Group Takes in $42 Million From 250 Attacks in a Year

April 21, 2024 Jeffrey Burt | 1 day ago 0

Cybersecurity Data Privacy Data Security Featured Incident Response Malware Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches

LabHost Phishing Platform is Latest Target of International Law Agencies

April 19, 2024 Jeffrey Burt | 3 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Pub Trivia’

Randall Munroe’s XKCD ‘Pub Trivia’

Download Free eBook

The State of Cloud Native Security 2020

Join the Community

Add your blog to Security Creators Network
Write for Security Boulevard
Bloggers Meetup and Awards
Ask a Question
Email: [email protected]

Useful Links

About
Media Kit
Sponsor Info
Copyright
TOS
DMCA Compliance Statement
Privacy Policy

Related Sites

Techstrong Group
Cloud Native Now
DevOps.com
Digital CxO
Techstrong Research
Techstrong TV
Techstrong.tv Podcast
DevOps Chat
DevOps Dozen
DevOps TV

Powered by Techstrong Group

Copyright © 2024 Techstrong Group Inc. All rights reserved.