HackingKubernetes

HackingKubernetes - is a valuable resource and a leading container management system in development pipelines across the world, but it’s not exempt from malicious attacks. Using Kubernetes requires a deep understanding of Kubernetes’ environment—including the different vulnerabilities you can be exposed to while creating, deploying, or running applications in your clusters.

Since your Kubernetes cluster is likely one of your most valuable cloud resources, it needs to be protected. Kubernetes’ security addresses the safety of your cloud, application clusters, containers, apps and code. Although Kubernetes provides inherent security advantages, bolstering your defensive tactics is crucial to protecting your system against hackers and other cybersecurity threats.

• OWASP Kubernetes Top Ten
• Kubernetes adoption, security, and market trends report

• Kubernetes Documentation
• Github repo kubernetes
• 11 Ways (Not) to Get Hacked
• Security kubernetes
• Docker Engine security

• Container Security Site
• KubeCon + CloudNativeCon Europe 2024
• Cloud native computing foundation

• Intro to IaC
• Intro to IaC with answers
• Microservices Architectures
• Microservices Architectures with answers
• Kubernetes for Everyone
• Kubernetes for Everyone with answers
• K8s Best Security Practices
• K8s Best Security Practices with answers
• Cluster Hardening
• Cluster Hardening with answers
• Frank & Herby make an app
• Frank & Herby make an app with answers

• What is Kubernetes?
• What is DevSecOps?
• What is Kubernetes Architecture?
• What are Kubernetes Services?
• What is Kubernetes Security?
• What is Kubernetes Networking?
• What are Kubernetes Clusters vs. Nodes vs. Pods vs. Containers vs. Containerized Applications?
• What are Kubernetes Pods?

• A Deep Dive Into Kubernetes Pods
• Installing the Components required for a Kubernetes Cluster
• TLS Certificates Management for a Kubernetes Cluster
• ETCD Server Setup for a Kubernetes Cluster
• Generating Kubernetes Configuration Files for Authentication
• Creating the Kubernetes Control Plane

• quick reference
• k8s_cheatsheet.md
• k8s-cheat-sheet
• kubernetes-cheat-sheet
• Kubernetes Security Cheat Sheet

• How to Hack Kubernetes (and How to Protect It)
• Securing Kubernetes Clusters by Eliminating Risky Permissions
• Kubernetes Pentest Methodology Part 1
• Kubernetes Pentest Methodology Part 2
• Kubernetes Pentest Methodology Part 3
• Eight Ways to Create a Pod
• Kubernetes Pod Escape Using Log Mounts
• The Route to Root: Container Escape Using Kernel Exploitation
• Attacking Kubernetes clusters using the Kubelet API
• Threat matrix for Kubernetes
• Secure containerized environments with updated threat matrix for Kubernetes
• Introduction to GKE Kubelet TLS Bootstrap Privilege Escalation
• Bad Pods: Kubernetes Pod Privilege Escalation
• Bad Pods github
• Hacking Kubelet on Google Kubernetes Engine

• Learn by Hacking

• Kubernetes Security Best Practices everyone must follow
• Securing a Cluster
• Security Best Practices for Kubernetes Deployment
• Kubernetes Security Best Practices
• Kubernetes Security 101: Risks and 29 Best Practices
• 15 Kubernetes security best practice to secure your cluster
• The Ultimate Guide to Kubernetes Security
• 11 Ways (Not) to Get Hacked
• 12 Kubernetes configuration best practices
• A Practical Guide to Kubernetes Logging
• Kubernetes Web UI (Dashboard)
• OPEN POLICY AGENT: CLOUD-NATIVE AUTHORIZATION
• Introducing Policy As Code: The Open Policy Agent (OPA)
• What service mesh provides
• Three Technical Benefits of Service Meshes and their Operational Limitations, Part 1
• Open Policy Agent: What Is OPA and How It Works (Examples)
• Send Kubernetes Metrics To Kibana and Elasticsearch
• Kubernetes Security Checklist

This is a list of open source tools which help with areas related to Container security. Some of the tools in this list don’t fit neatly into a specific category or categories, so they’re listed with the closest option.

Useful tools to run inside a container to assess the sandbox that’s in use, and exploit some common breakout issues.

• deepce - Docker Enumeration, Escalation of Privileges and Container Escapes
• CDK - Container and Kubernetes auditing and breakout tool.

• Trivy - Vulnerability and IaC scanner
• Grype - Container vulnerability scanner
• clair - Container vulnerability scanner
• Docker Scout - Container Vulnerability scanner
• dep-scan - Vulnerability and mis-configuration scanner
• Neuvector Scanner - Container Vulnerability Scanning Tool.

• Trivy - Vulnerability and IaC scanner
• Checkov - IaC scanner
• KICS - IaC scanner
• dep-scan - Vulnerability and mis-configuration scanner
• Terrascan - IAC Scanner for various formats including Docker and Kubernetes
• hadolint - Docker file linter

• docker bench - Docker CIS Benchmark assessment tool
• Dockle - Container Image Linter
• cnspec - Assessment tool for multiple platforms including Docker and Kubernetes

• Tracee. Container runtime security tooling
• Falco. Container runtime security tooling
• Kubearmor. Container runtime security enforcement tool
• Tetragon. Container runtime security tool

• regclient - Another tool for interacting with container registries
• crane - Tool for interacting with Container registries.
• skopeo - Tool for interaction with Container registries

• Dive - Tool for exploring Container image layers

• rbac-tool - RBAC Tool for Kubernetes
• kubiScan - Tool to scan Kubernetes clusters for risky permissions
• krane - Kubernetes RBAC static analysis & visualisation tool
• eathar - Kubernetes security assessment tool focusing on workload security and RBAC.

• kube-bench - Tool to assess compliance with the CIS benchmark for various Kubernetes distributions
• kubescape - Kubernetes security assessment tool
• kubeaudit - Kubernetes security assessment tool focusing on workload security
• kubesec - Kubernetes security assessment tool focusing on workload security
• kubescore - Kubernetes security and reliability assessment tool focusing on workload security.
• eathar - Kubernetes security assessment tool focusing on workload security and RBAC.
• popeye - Kubernetes cluster scanner, looking for possible mis-configurations.
• cnspec - Assessment tool for multiple platforms including Docker and Kubernetes

• peirates - Kubernetes container breakout tool
• kdigger - Kubernetes breakout/discovery tool
• teisteanas - Tool to create kubeconfig files based on the CertificateSigningRequest API.
• tòcan - Tool to create kubeconfig files based on the TokenRequest API.
• MKAT - Managed Kubernetes Auditing Tool. Focuses on exploring security issues in managed Kubernetes (e.g. EKS)
• Kubehound - KubeHound creates a graph of attack paths in a Kubernetes cluster
• IceKube - Kubernetes attack path evaluation tool.
• namespacehound - Tool to test a cluster for possible namespace breakouts where multi-tenancy is in use.

• kubeletctl - This is a good tool to automate the process of assessing a kubelet instance. If the instance is vulnerable it can also carry out some exploit tasks
• kubelet dumper - PoC tool to dump Kubelet configurations for review.

• auger - Tool for decoding information pulled directly from the etcd database

• ThreatMapper. Cloud + Container Security observability

If you’re looking to practice with some of the tools here, in a safe environment, there are projects to help with that.

• Kube Security Lab - Basic set of Kubernetes security scenarios implemented in Ansible with KinD
• Kubernetes Simulator - AWS based Kubernetes cluster environment with different vulnerability scenarios
• Kubernetes Goat - Focuses on vulnerable deployments on top of an existing cluster. Also available on line with Katacoda
• K8s-iam-lab - Kubernetes IAM Lab

• Helix Honeypot - Kubernetes API server honeypot
• Kubernetes Honeytokens - A honey token Canary for use with honeypots.

• Security Profiles Operator - Kubernetes operator for security profiles
• hardeneks - Tool to harden EKS clusters

Inevitably over time, some tools will become unmaintained and deprecated. Whilst they may still work ok, caution is needed. If I’ve listed you here and you’re not deprecated just open an issue to move it back :)

• kube-hunter - Tool to test and exploit standard Kubernetes Security Vulnerabilities
• kubectl-who-can - Tool that lets you ask “who can” do things in RBAC, e.g. who can get secrets
• rakkess - Shows the RBAC permissions available to a user as a list
• rback - tool for graphical representation of RBAC permissions in a kubernetes cluster
• amicontained - will show you information about the container runtime and rights you have
• ConMachi - Pentester focused container attack surface assessment tool
• botb - Container breakout assessment tool. Can automatically exploit common issues like the Docker socket mount
• keyctl-unmask - Tool that specifically focuses on grabbing kernel keyring entries from containers that allow the keyctl syscall
• go-pillage-registries - Tool to search the manifests and configuration for images in a registry for potentially sensitive information
• reg - Tool for interacting with Container registries
• Whaler - Tool to reverse Docker images into Dockerfiles.
• RBAC Police - RBAC policy evaluation.
• kubestrike - Security auditing tool for Kubernetes looks at Authenticated and unauthenticated scanning
• kubestroyer - Kubernetes pentesting tool.
• kubestalk - Black Box Kubernetes Pentesting Tool.
• kubedagger - Kubernetes offensive framework built in eBPF.
• kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments
• k8spot - Kubernetes honeypot.