Тем временем Kubernetes Goat уже насчитывает 20 различных сцен | Devious Methods

Тем временем Kubernetes Goat уже насчитывает 20 различных сценариев для атак.

#k8s #devsecops

Sensitive keys in codebases
DIND (docker-in-docker) exploitation
SSRF in the Kubernetes (K8S) world
Container escape to the host system
Docker CIS benchmarks analysis
Kubernetes CIS benchmarks analysis
Attacking private registry
NodePort exposed services
Helm v2 tiller to PwN the cluster - [Deprecated]
Analyzing crypto miner container
Kubernetes namespaces bypass
Gaining environment information
DoS the Memory/CPU resources
Hacker container preview
Hidden in layers
RBAC least privileges misconfiguration
KubeAudit - Audit Kubernetes clusters
Falco - Runtime security monitoring & detection
Popeye - A Kubernetes cluster sanitizer
Secure network boundaries using NSP

https://github.com/madhuakula/kubernetes-goat