Hacking a Kubernetes Cluster: A Practical Example!
In this video, we are going to get an overview of the Kubernetes attack surface through a fun demo of hacking into a Kubernetes cluster.
🆓Join our Slack Community for FREE: kode.wiki/JoinOurSlackCommunity
Full Certified Kubernetes Application Developer (CKAD) Course: kode.wiki/CKAD_YT
There are multiple areas that were vulnerable to attack and that’s what we will go over in this lecture. To begin with the Cloud itself. The infrastructure that hosted the Kubernetes cluster was not properly secured and enabled access to ports on the cluster from anywhere. If network firewalls were in place, we could have prevented remote access from the attacker's system. This is the first C in Cloud-native security. It refers to the security of the entire infrastructure hosting the servers. This could be a private or a public cloud, a data center hosting physical machines, a co-located environment. We discuss more this in the last section of the course where we talk about how to detect all phases of attack regardless of where it occurs and how it spreads.
The next is Cluster security. The attacker was easily able to gain access through the docker daemon exposed publicly, as well as the Kubernetes dashboard that was exposed publicly without proper authentication or authorization mechanisms. This could have been prevented if security best practices were followed in securing the docker daemon, the Kubernetes API as well as any GUI we used to manage the cluster such as the Kubernetes Dashboard. We look into these in much more detail in the first section of the course where we talk about Cluster setup and hardening. We will see how to secure the docker daemon and the Kubernetes dashboard as well as other best practices to be followed such as using network policies and ingress.
Next comes the container. The hacker was able to run any container of her choice with no restrictions on what repository it is from or what tag it had. The attacker was able to run a container in privileged mode, which should have been prevented. The attacker was also able to install whatever application she wanted on it without any restriction. These could have been prevented if restrictions were put in place to only run images from a secure internal repository and if running containers in the privileged mode were disallowed. And through sandboxing, containers were isolated better. We discuss these in the Minimize Microservices Vulnerabilities section as well as the Supply chain security sections of the course.
And finally Code. Code refers to the application code itself. Hard coding applications with database credentials or passing critical information through environment variables, exposing applications with TLS are bad coding practices. This is mostly out of scope for this course, however, we do cover some areas such as securing critical information with secrets and vaults, enabling metals encryption to secure pod to pod communication, etc.
To learn more about Security in Cloud-native computing and Kubernetes, check out our course on certified Kubernetes security specialists. We go in-depth in each of these areas and understand common vulnerabilities and security concerns in an environment and how to protect our systems from an attack. The course is fully hands-on with lab activities that will help you validate and remember what you learned in the videos. This will also help you prepare and pass the Certified Kubernetes Security Specialist exam.
So join our community of students at cks.kodekloud.com
#HackingaKubernetesCluster #kodekloud
Пікірлер: 62
Full Certified Kubernetes Application Developer (CKAD) Course: kode.wiki/CKAD_YT
Not a realistic production scenario. Webservers/Load Balancers are usually on a different server and network than the Kubernetes cluster. The cluster itself has no direct internet connectivity and only ports exposed to the world are the HTTP(S) ports of the load balancers
@AndresLeonRangel
2 жыл бұрын
you will be surprised to know that some companies actually have scenarios like this one...
@okharev8114
2 жыл бұрын
if only
Great clip with crisp coverage on security
@KodeKloud
2 жыл бұрын
Glad you enjoyed it! Please subscribe to our channel and keep supporting😊
amazing explanation :) great use-case
Wonderful, great hands on presentation
@KodeKloud
2 жыл бұрын
Many thanks! Please subscribe and encourage us to create more such quality content.
Excellent and eye opener....👌👌👌
@KodeKloud
2 жыл бұрын
Glad you liked it! Thanks:)
Thank you a fantastic video and demonstration
@KodeKloud
Жыл бұрын
Glad it was helpful!
From 2021 Kubernetes (v1.20+) removes the default dependency on docker in favour of containerd. This "attack" may work on a badly configured Kubernetes version prior to that and also on a poorly configured docker swarm cluster.
Awesome 👌
can you please share the material you used for the demo? maybe a git repo?
Great content
@KodeKloud
2 жыл бұрын
Thanks:)
great content
@KodeKloud
2 жыл бұрын
Welcome! Please subscribe to our channel and help us create more such videos. Thanks 😊
I subscribed within the first few seconds of hearing the quality stuff ,lol
What is this tools for port scanning? And where I can get it ?
That election story surely was scary!!! Great video, Mumshad! Always love your videos!
@KodeKloud
2 жыл бұрын
Glad you liked it! Please subscribe and encourage us to create more such quality content.
@ileriayoadebiyi
2 жыл бұрын
What!?? Never knew I wasn’t subscribed 😭 By the way, all my DevOps friends and wannabes are tired of me talking about kodekloud
Awesome 👍
@KodeKloud
Жыл бұрын
Thanks for your love and support!
I can understand ssh port being open by mistake.... but I can't wrap around why docker port is opened?
Awesome 👍😎
@KodeKloud
2 жыл бұрын
Thanks! Please subscribe to the channel and help us do more such creative educational videos.
@aogunnaike
2 жыл бұрын
@@KodeKloud already a subscriber sir, cheers!
Marvellous
@KodeKloud
2 жыл бұрын
Thanks👍 Please subscribe and encourage us to provide more such quality content.
Nice... :)
This is the epitome of one jumps into kubernetes too quickly without regards to any best practices (pain points: exposed docker port + conn string as env var) whatsoever...
@aldyj4733
2 жыл бұрын
And sadly, the majority of people still do this...
@KodeKloud
2 жыл бұрын
Yes, that's true.
Very good demo for people who don't know about hacking
Do people really run their docker hosts with no authentication and their kubernetes dashboards exposed to the internet?
@EderNucci
2 жыл бұрын
No. :-D
Having the docker port exposed is simply the most stupid thing I think someone can do on a cluster. Why they did this?
@thehackingexplorer3636
2 жыл бұрын
Because they are dog lovers. LoL
@kubectlgetpo
2 жыл бұрын
No one did it.. it's made up scenario that teaches theater security
@EderNucci
2 жыл бұрын
@@kubectlgetpo watch again at 0:40 :-)
@CipherNL
2 жыл бұрын
I find it even more fascinating how the http and https ports are not open.
@kubectlgetpo
2 жыл бұрын
@@CipherNL yeah crap scenario all around
Someone know how can i put a logo in my zsh terminal, like that?
Nice
@KodeKloud
2 жыл бұрын
Thanks! Please subscribe to our channel and keep supporting😊
How did you put an icon in ZSH?
@KodeKloud
Жыл бұрын
You can use powerlevel10k for custom ZSH
Hi Mumshad brother, is it possible to be a DevOps engineer for a non tech person? I am an an anthropologist, had career break for children now I got interested in cloud. I am a certified cloud practitioners and courntly I am doing cybersecurity program. I am interested about cloud security though I am new in this field. How long need to I have to work in cloud then I can try for the cloud security? I am a mother of two teenage kids and fourty plass cloud savvy.
@KodeKloud
9 ай бұрын
Certainly, transitioning into a DevOps or cloud security role is achievable, even without a traditional tech background. With your Cloud Practitioner certification, explore advanced cloud certifications and gain hands-on experience. Learn automation tools and DevOps practices. Leverage your unique background in anthropology for soft skills. Focus on cloud security by building on your existing cloud knowledge and pursuing security certifications.
100% !
@KodeKloud
9 ай бұрын
Thank you so much : ) We are glad to be a part of your learning journey
where can we get the dirty-cow.sh
By default docker running only as Unix service
cue fargo theme
😳
@KodeKloud
9 ай бұрын
Thanks for watching our video. Cheers!
:D