Kubernetes Security

Kubernetes Architecture
Kubernetes Attack Surface
- Control Plane
  - etcd
  - master nodes
Kubernetes Secure Configurations
- Public traffic to cluster is proxied through load balancer
- Cluster RBAC
Kubernetes Threat Model
Tools
- Penetration Testing tool : https://github.com/inguardians/peirates
- Trivy Vulnerability scanner : https://github.com/aquasecurity/trivy
- Deepce : Docker Enumeration https://github.com/stealthcopter/deepce
Attack Paths
- subdomain enumeration -> S3 bucket scan
- Web application exploitation -> api call exploitation -> RCE ->SSRF -> access to pods
  - Ex: java struts running on internet facing pod (CVE-2017-5638)
- Nuclei templates -> subdomains/api's

References:

Last updated 1 year ago