Kubectl Get Hacked
Discussing some ways kubeconfig files can bite
Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes
Recreating a vulnerability in log streaming via the Kubelet on Windows nodes
Kubelet Mirror Pod Behaviours
Exploring edge cases in Kubernetes mirror pods and the Kubelet’s static manifests
Platform Problems - Getting CTF Flags the Wrong Way
How we compromised a CTF platform to get flags without solving the challenges
Breaking Boundaries
Anyone who’s spoken to me for any period of time about Kubernetes, or had the misfortune of being vaguely near me when I’m ranting about it, probably knows my feelings on the setup. It does work, and work effectively, but there are a plethora of sharp edges and unexpected behaviours. A number of these are documented here. This post details my most recent addition to this list. RBAC does not claim to solve all security problems in Kubernetes, and indeed it is only one arrow in the proverbial quiver....
Getting Started in Kubernetes Security
This is a post I’ve been meaning to write for a while. It’s not going to be a definitive guide, more a ramble through some of the resources available to those looking to start down this path. Huge thanks to everyone who attended the DevSecCon London meetup last week to participate in our CTF, for reminding me to write this. There’s a lot of information out there around Container Security, and none of it is going to be enough to make you an expert in isolation....
Homelab Ingress and ExternalNames
Making Kubernetes handle homelab networking and DNS.
Read The Falco Manual
I need to read docs better. This post is to give myself a nice copy-paste for next time I want to do the thing I spent today doing, without reading again.
Spinny Remote Controls
A home automation post about remote controls that spin me right round, baby, right round.
Kubernetes 1.24 Public Audit
Originally posted by NCC Group at https://research.nccgroup.com/2023/04/17/public-report-kubernetes-1-24-security-audit/ NCC Group was selected to perform a security evaluation of the Kubernetes 1.24.0 release in response to Kubernetes SIG Security’s Third-Party Security Audit Request for Proposals. The testing portion of the audit took place in May and June 2022. The global project team performed a security architectural design review that resulted in the identification of findings in terms of the secure design of Kubernetes. The team also performed dynamic native application pen tests, including source code and cryptographic review, which found vulnerabilities in multiple components....