Writeups

General

Article | Description
K8s/GKE Attack Tech Notes | How GitLab's Red Team has thought about attacking their own K8s infrastructure
They told me I could be anything, so I became a Kubernetes node | Using K3s for command and control on compromised Linux hosts
Kubernetes Pod Escape Using Log Mounts | How a pod running as root and with a mount point to the node's /var/log directory can expose the entire contents of its host filesystem to any user who has access to its logs
Compromising Read-Only Containers with Fileless Malware | Mechanics and prevalence of malware fileless execution in attacking read-only containerized environments
Let's talk about Kubernetes on the Internet | Information about Kubernetes network attack surface, and some tricks for identifying Kubernetes clusters based on their responses to basic requests

Privesc

Article Description
Basic Kubernetes Privilege Escalation
  • Let's say you got a reverse shell from a process running in a Kubernetes environment
  • This guide details the basic steps you can take to escalate your privileges within Kubernetes
Bad Pods: Kubernetes Pod Privilege Escalation
  • What are the risks associated with overly permissive pod creation in Kubernetes?
  • 8 insecure pod configurations and the corresponding methods to perform privilege escalation
  • See also the companion badPods repository
GKE Kubelet TLS Bootstrap Privilege Escalation
  • Privilege escalation with Kubelet TLS bootstrapping in Google Kubernetes Engine
  • Starting from compromised GCP credentials: stealing TLS bootstrap credentials by listing Compute Engine instances, generating and submitting CSRs, acting as worker nodes, stealing secrets and gaining cluster admin access in the GKE cluster
Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC
  • How granting rights to node/proxy resources in Kubernetes could allow for audit logs and other security controls to be bypassed
Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms
  • Pods with the elevated set of privileges required to do their job could be used as a jumping-off point to gain escalated privileges
Container Breakouts

Kubelet

Article
Attacking Kubernetes through Kubelet
Hacking Kubelet on GKE