Writeups

General

Article Description
K8s/GKE Attack Tech Notes
  • How GitLab's Red Team has thought about attacking their own K8s infrastructure
They told me I could be anything, so I became a Kubernetes node
  • Using K3s for command and control on compromised Linux hosts

Privesc

Article Description
Basic Kubernetes Privilege Escalation
  • Let's say you got a reverse shell from a process running in a Kubernetes environment
  • This guide details the basic steps you can take to escalate your privileges within Kubernetes
Bad Pods: Kubernetes Pod Privilege Escalation
  • What are the risks associated with overly permissive pod creation in Kubernetes?
  • 8 insecure pod configurations and the corresponding methods to perform privilege escalation
  • See also the companion badPods repository
GKE Kubelet TLS Bootstrap Privilege Escalation
  • Privilege escalation with Kubelet TLS bootstrapping in Google Kubernetes Engine
  • Starting with compromised GCP credentials, the attack steals TLS bootstrap credentials by listing Compute Engine instances, generates and submits CSRs, acts as worker nodes, steals secrets and gains cluster admin access in the GKE cluster
Container Breakouts