Kubernetes Goat
Kubernetes Goat is an interactive Kubernetes security learning playground that lets you practice several scenarios and learn best practices.
How do you start working with Kubernetes Goat? First, clone the repository:
git clone https://github.com/madhuakula/kubernetes-goat
cd kubernetes-goat
Then create a local Kubernetes cluster, e.g. using kind:
kind create cluster --name home-lab
After the Kubernetes cluster is up, configure Kubernetes Goat:
chmod +x setup-kubernetes-goat.sh
bash setup-kubernetes-goat.sh
And forward the ports using the script:
bash access-kubernetes-goat.sh
Then the Kubernetes Goat GUI can be accessed at the URL http://127.0.0.1:1234.
After finishing your work, you can clean up your environment by simply removing the Kubernetes cluster:
kind delete cluster --name home-lab
Scenarios
Sensitive keys in codebases
Tools:
- Gobuster - Directory/File, DNS and VHost busting tool
- DirBuster - A multi-threaded Java application designed to brute force directory and file names on web/application servers
- git-dumper - A tool to dump a git repository from a website
- TruffleHog - Find, verify, and analyze leaked credentials
SSRF in the Kubernetes (K8S) world
References:
- PayloadsAllTheThings - Server-Side Request Forgery
- DNS for Services and Pods in Kubernetes
- Retrieve instance metadata in AWS
- Metadata in Google Cloud Provider
Container escape to the host system
References:
Docker CIS benchmarks analysis
References:
Kubernetes CIS benchmarks analysis
References:
Attacking private registry
References:
Analyzing crypto miner container
References:
- Docker Hub Hack of 190k accounts review
- 20 Million Miners: Finding Malicious Cryptojacking Images in Docker Hub
- Tainted, crypto-mining containers pulled from Docker Hub
Gaining environment information
References:
Hacker container preview
Tools:
Hidden in layers
Tools:
- dive - a tool for exploring a Docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image
References:
RBAC least privileges misconfiguration
References:
- RBAC Authorization Kubernetes
- Accessing the Kubernetes API from a Pod
- More misconfigurations in Kubernetes? Check OWASP WrongSecrets
KubeAudit - Audit Kubernetes clusters
Tools:
Falco - Runtime security monitoring & detection
Tools:
Popeye - A Kubernetes cluster sanitizer
References:
- Popeye - A Kubernetes Cluster Sanitizer - Kubernetes Live Cluster Linter
- popeye
Secure Network Boundaries using NSP
References:
- Kubernetes Network Policies
- Kubernetes Network Policy Recipes by Ahmet Alp Balkan
- Network Policy Editor for Kubernetes
Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement
Tools:
Securing Kubernetes Clusters using Kyverno Policy Engine
References: