A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)

K8S Cluster Attack Point

Attack point: Lateral attack

Attack API Server

Man-in-the-middle attack

Attack Point : Attack the K8S management platform

Attack Point: Attack the mirror library

Upload malicious images

Malicious backdoor image

Malicious EXP image

Using Nday to attack the mirror library

curl -X GET "http://[victim-ip]/api/users/search?username=_" -H "accept: application/json" --user cstest:Test123456

Attack Point: Attack third-party components

Summarize

Reference Link

--

--

Our mission is to get you into information security. We'll introduce you to penetration testing and Red Teaming. We cover network testing, Active Directory.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
TutorialBoy

TutorialBoy

120 Followers

Our mission is to get you into information security. We'll introduce you to penetration testing and Red Teaming. We cover network testing, Active Directory.