Kubernetes Penetration Testing

Kubernetes Pen Testing

Kubernetes is the most widely used container orchestration system and one of the fastest-growing projects in the history of open source; it now runs a significant part of many organisations' compute stack. The portability and scalability of containers lead many developers to move their workloads onto Kubernetes. Along with its benefits, however, Kubernetes introduces new security challenges, so it is important to understand the security risks that exist in containerised environments, and in Kubernetes in particular.

The MITRE ATT&CK® framework is a knowledge base of the tactics and techniques observed in real cyberattacks. Initially covering Windows and Linux, the ATT&CK matrices organise the stages of an attack (tactics) and the concrete methods used at each stage (techniques). These matrices help organisations understand the attack surface of their environments and check that they have adequate detections and mitigations for each risk.

Kubernetes ATT&CK Matrix
The matrix below is modelled on MITRE's ATT&CK®: one column per tactic, with the Kubernetes-specific techniques an attacker uses at that stage. The technique set is the threat matrix for Kubernetes that Microsoft published in 2020, flattened here into one list per tactic; the techniques are Kubernetes objects and behaviours (containers, pods, service accounts, API calls), not generic "Kubernetes" steps.
Initial Access to the Kubernetes Cluster
1. Using Cloud Credentials
2. Compromised Images in Registry
3. Kubeconfig File
4. Application Vulnerability
5. Exposed Dashboard
Malicious Execution in Kubernetes
1. Exec into Container (kubectl exec / the pods/exec API subresource)
2. bash/cmd inside Container
3. New Container
4. Application Exploit (RCE)
5. SSH Server Running inside Container
Persistence in Kubernetes
1. Backdoor Container
2. Writable hostPath Mount
3. Kubernetes CronJob
Privilege Escalation in Kubernetes
1. Privileged Container
2. Cluster-admin Binding
3. hostPath Mount
4. Access Cloud Resources
Defence Evasion in Kubernetes
1. Clear Container Logs
2. Delete K8S Events
3. Pod/Container Name Similarity
4. Connect from Proxy Server
Credential Access in Kubernetes
1. List K8S Secrets
2. Mount Service Principal
3. Access Container Service Account
4. Application Credentials in Configuration Files
Discovery – Kubernetes
1. Access the K8S API Server
2. Access Kubelet API
3. Network Mapping
4. Access Kubernetes Dashboard
5. Instance Metadata API
Lateral Movement in Kubernetes
1. Access Cloud Resources
2. Container Service Account
3. Cluster Internal Networking
4. Application Credentials in Configuration Files
5. Writable Volume Mounts on the Host
6. Access Kubernetes Dashboard
7. Access Tiller Endpoint (the server-side component of Helm v2)
Impact – Kubernetes
1. Data Destruction
2. Resource Hijacking
3. Denial of Service
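Several of the techniques above leave a clear trace in the kube-apiserver audit log: exec into a container is a create on the pods/exec subresource, listing secrets is a list on secrets, deleting events is a delete on events, a cluster-admin binding is a ClusterRoleBinding whose roleRef is cluster-admin, and a privileged or hostPath-mounting pod is visible in the pod spec of the create request. The following detector is an added example written for this page, not code from the original article or from MITRE or Microsoft. It assumes the audit policy records RequestResponse-level entries for pods, secrets, events and RBAC objects (so requestObject is present), and the audit lines it parses are constructed for the example rather than real captures.

```python
"""Map kube-apiserver audit events to the Kubernetes threat-matrix techniques above.

Added example; assumes an audit policy at RequestResponse level for pods,
secrets, events and RBAC objects. The sample lines are constructed, not real.
"""
import json

# Constructed audit events, one JSON object per line, in the shape written by the
# kube-apiserver log audit backend (only the fields the detector reads are kept).
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"verb": "create", "user": {"username": "system:serviceaccount:web:default"},
     "objectRef": {"resource": "pods", "subresource": "exec", "namespace": "web", "name": "shop-7d9"},
     "responseStatus": {"code": 101}},                      # exec session upgraded to SPDY/WebSocket
    {"verb": "list", "user": {"username": "system:serviceaccount:web:default"},
     "objectRef": {"resource": "secrets", "namespace": "web"},
     "responseStatus": {"code": 200}},
    {"verb": "delete", "user": {"username": "alice"},
     "objectRef": {"resource": "events", "namespace": "web"},
     "responseStatus": {"code": 200}},
    {"verb": "create", "user": {"username": "alice"},
     "objectRef": {"resource": "clusterrolebindings", "name": "oops"},
     "requestObject": {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
                       "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "web"}]},
     "responseStatus": {"code": 201}},
    {"verb": "create", "user": {"username": "alice"},
     "objectRef": {"resource": "pods", "namespace": "web", "name": "dbg"},
     "requestObject": {"spec": {
         "containers": [{"name": "c", "image": "busybox",
                         "securityContext": {"privileged": True},
                         "volumeMounts": [{"name": "root", "mountPath": "/host"}]}],
         "volumes": [{"name": "root", "hostPath": {"path": "/"}}]}},
     "responseStatus": {"code": 201}},
    {"verb": "get", "user": {"username": "alice"},                  # benign read, no finding
     "objectRef": {"resource": "pods", "namespace": "web", "name": "shop-7d9"},
     "responseStatus": {"code": 200}},
    {"verb": "list", "user": {"username": "system:serviceaccount:web:default"},
     "objectRef": {"resource": "secrets", "namespace": "web"},
     "responseStatus": {"code": 403}},                      # RBAC denied it, still worth flagging
])


def classify(event):
    """Return the (tactic, technique) pairs one audit event matches, in matrix order."""
    verb = event.get("verb")
    ref = event.get("objectRef", {})
    resource, sub = ref.get("resource"), ref.get("subresource")
    code = event.get("responseStatus", {}).get("code", 0)
    req = event.get("requestObject") or {}
    hits = []
    if resource == "pods" and sub == "exec" and verb == "create":
        hits.append(("Execution", "Exec into container"))
    if resource == "secrets" and verb in ("list", "get"):
        # A pod service account probing for secrets is a signal even when RBAC blocks it.
        hits.append(("Credential access", "List K8S secrets" + ("" if code < 400 else " (denied)")))
    if resource == "events" and verb in ("delete", "deletecollection"):
        hits.append(("Defense evasion", "Delete K8S events"))
    if resource in ("clusterrolebindings", "rolebindings") and verb in ("create", "update", "patch"):
        if req.get("roleRef", {}).get("name") == "cluster-admin":
            hits.append(("Privilege escalation", "Cluster-admin binding"))
    if resource == "pods" and sub is None and verb == "create":
        spec = req.get("spec", {})
        ctrs = spec.get("containers", []) + spec.get("initContainers", [])
        if any(c.get("securityContext", {}).get("privileged") for c in ctrs):
            hits.append(("Privilege escalation", "Privileged container"))
        host_vols = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
        if host_vols:
            hits.append(("Privilege escalation", "hostPath mount"))
            # A hostPath mounted without readOnly is the persistence variant of the technique.
            if any(m.get("name") in host_vols and not m.get("readOnly", False)
                   for c in ctrs for m in c.get("volumeMounts", [])):
                hits.append(("Persistence", "Writable hostPath mount"))
    return hits


def scan(audit_log_text):
    """Parse newline-delimited audit JSON and return one finding dict per technique hit."""
    findings = []
    for line in audit_log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        for tactic, technique in classify(ev):
            findings.append({
                "tactic": tactic, "technique": technique,
                "user": ev.get("user", {}).get("username", "?"),
                "namespace": ev.get("objectRef", {}).get("namespace", "-"),
                "code": ev.get("responseStatus", {}).get("code"),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_AUDIT_LOG):
        print(f"{f['tactic']:<20} {f['technique']:<28} {f['user']:<40} ns={f['namespace']} http={f['code']}")
```

Run against a real audit log (e.g. the file configured with --audit-log-path) by reading it into scan(). The classifier deliberately keys on the objectRef resource and subresource rather than the request URL, because that is how the audit backend records the canonical API object, and it reports denied (4xx) secret listings as well as successful ones, since a compromised pod service account usually probes before it succeeds.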