Skip to content

NimTechnology

Trình bày các công nghệ CLOUD một cách dễ hiểu.

  • Kubernetes & Container
    • Docker
    • Kubernetes
      • Ingress
      • Pod
    • Helm Chart
    • OAuth2 Proxy
    • Isito-EnvoyFilter
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Vault
    • Longhorn – Storage
    • VictoriaMetrics
    • MetalLB
    • Kong Gateway
  • CI/CD
    • ArgoCD
    • ArgoWorkflows
    • Argo Events
    • Spinnaker
    • Jenkins
    • Harbor
    • TeamCity
    • Git
      • Bitbucket
  • Coding
    • DevSecOps
    • Terraform
      • GCP – Google Cloud
      • AWS – Amazon Web Service
      • Azure Cloud
    • Golang
    • Laravel
    • Python
    • Jquery & JavaScript
    • Selenium
  • Log, Monitor & Tracing
    • DataDog
    • Prometheus
    • Grafana
    • ELK
      • Kibana
      • Logstash
  • BareMetal
    • NextCloud
  • Toggle search form

[DevSecOps] K8s Runtime Attack Scenarios Introduction

Posted on June 30, 2023June 30, 2023 By nim No Comments on [DevSecOps] K8s Runtime Attack Scenarios Introduction

Bài này hay quá nên là mình đã lưu lại.
Link bài gốc ở đây: https://systemweakness.com/k8s-runtime-attack-scenarios-2f12816a400b

Hello, I created this article to collect my articles about Container Runtime Attack scenarios that I created for K8s and similar environments. You can think of this article as a kind of starting point for other articles. If you don’t want to reading the details of blog and want to see directly attack scenario, you can quickly go over the 4 items. Otherwise i shared below the motivation for creating such a series.

If I need to talk briefly, I wanted to create such an article series because I saw that when we use these scenarios with my consultancy work experience, my current company and my friends working in corporate companies, it was very useful for us to understand the security of the current environment (K8s and similar) and the capability of the PoC Container Security product.

Contents

Toggle
  • 1. Why
  • 2. About Attack
  • 3. Preparing the Environment
    • Kubectl setup
    • Minikube setup
    • Attack Lab Setup
    • GitHub – Erdemstar/K8s-Runtime-Attack-Scenario: This repository is prepared for the personal who…
      • This repository is prepared for the personal who want to attack kubernetes and similar environments and see the…
  • 4. Attack Scenarios

1. Why

I can say that the first reason I want to create such a series is because the security of Kubernetes and similar environments is discussed theoretically in the blogs I read on Container Runtime Attack scenarios, but the practical side of the business is not addressed. My second reason is to show the problems that may occur as a result of the companies that have the orchestration environment not making the necessary security hardenning or incomplete configurations.

My purpose here is not only to produce a technical content, but beyond that I thought that the scenarios I will share, will provide you with similar benefits, as I mentioned above, as they help us measure the maturity of the orchestration solution in different business environments and control the rules of the security products running on it 🙂

When I deal with this and other details, I thought that it would be useful for those who will follow this series of articles, and I wanted to get a motivation from here and share the scenarios that I have created and will create in the future.

2. About Attack

Above, I talked about why I created the content in general and its benefits. Here, I would like to share with you my thoughts and setup in a little more detail about attack scenarios.

  • In each attack scenario I will share, my goal will be to perform a specific attack.
  • I will use the vulnerable images that I created and deliberately left on them while preparing the attack environment.
  • There will be no content to bypass any WAF, Firewall, etc. security products.
  • While one of the container images I created has web security vulnerabilities, the other one will have some useful tools found in Kali. In this way, I will be able to produce more than one attack scenario.
  • I will not aim to tell you about Blacbox Pentest and its steps in attack scenarios. As a person who knows the environment and how to exploit the related vulnerabilities, I will try to create my articles, show you how the related attacks are made, and create a guide that will allow you to do the same.
  • I created attack scenarios using my knowledge and experience in Web, Network, Container and Kubernetes security.
  • At the end of the day, I would like to reiterate that my main goal is to provide content that will help you while measuring the safety of your environment and to write a guide that shows you how to do them.

3. Preparing the Environment

If you want to try the attack scenarios I have described in a test environment, I have briefly mentioned the installation steps below. If you want to proceed without installation, you can skip to the “Attack Lab Setup” heading.

Kubectl setup

First of all, the kubectl tool must be installed on the machine you will work on. This tool simplifies the communication between the Client and Kubernetes (you can think of it as a Docker client). Since I used MacOS while preparing this series, I shared the installation command on MacOS below, but you can check and install it on other platforms via the link.

brew install kubectl

Minikube setup

I will use a tool called Minikube to quickly create a test environment. You can run it quickly with a few commands and create a K8s Cluster on the machine you are using.

If you run a command like below, Minikube will present you an environment on Docker. If you want to work on Docker, I recommend you to install Docker first, otherwise you will get an error.

minikube start

The following command can be used to set up a more efficient environment. After this command, Controlplane + 1 Worker node will be installed in your environment.

minikube start --cpus 4 --memory 4096 --nodes 2

If everything is fine until this step, you will get an output like the one above. With the help of the command below, we check your Cluster environment and whether the kubectl command is working properly.

kubectl get node

If you have received similar outputs so far, congratulations K8s is working in your environment in a healthy way.

Attack Lab Setup

Lab Info

I thought it was more efficient to use Medium just for setting up the environment and showing attack scenarios. I decided to keep the necessary information for the environment setup in the Github Repo that I shared below.

GitHub – Erdemstar/K8s-Runtime-Attack-Scenario: This repository is prepared for the personal who…

This repository is prepared for the personal who want to attack kubernetes and similar environments and see the…

github.com

When you click on the link and look at the Repository, you will see something like the following. Here there will be folders for each attack scenario.

When you click on a scenario you have chosen, a screen like the one below will appear. In this screen, you will see both the manifest file for the relevant attack scenario and a Readme.md file describing the content of the manifest file.

Thus, you will be able to see the file that will create the lab, and you will know what the objects in your environment are in the relevant file.

Lab Setup

I have shared a sample lab setup command for you below.

kubectl apply -f https://raw.githubusercontent.com/Erdemstar/K8s-Runtime-Attack-Scenario/main/0-Scenario/environment.yml

If you run this command as follows and get a similar screenshot, the sample lab setup has been successfully created in your environment.

Afterwards, I connected to the relevant Minicube Cluster via SSH and made a curl request as below and verified whether the environment was running. You can do similar validation as follows.

curl <master/worker-node-ip>:30080

4. Attack Scenarios

  • Scenario 1 — (Remote Code Execution)
  • Scenario 2 — (Read Sensitive File)
DevSecOps

Post navigation

Previous Post: [Kubernetes] Taints and Tolerations
Next Post: [Zeus] Retention Project

More Related Articles

[Kubernetes Operations and Security] CIS Benchmarking and Kube-bench – Follow the best practice security recommendations for your Kubernetes. DevSecOps
[DevSecOps] What is DevSecOps DevSecOps
[Falco] Detect and watch all commands in your Kubernetes cluster DevSecOps
[Security] How to access S3 when you stay at any EC2! DevSecOps
[DevSevOps] How to Install OpenVAS DevSecOps
[KubeSec] Security risk analysis for Kubernetes resources DevSecOps

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Tham Gia Group DevOps nhé!
Để Nim có nhiều động lực ra nhiều bài viết.
Để nhận được những thông báo mới nhất.

Recent Posts

  • [Laravel] Laravel Helpful June 26, 2025
  • [VScode] Hướng dẫn điều chỉnh font cho terminal June 20, 2025
  • [WordPress] Hướng dấn gửi mail trên WordPress thông qua gmail. June 15, 2025
  • [Bitbucket] Git Clone/Pull/Push with Bitbucket through API Token. June 12, 2025
  • [Teamcity] How to transfer the value from pipeline A to pipeline B June 9, 2025

Archives

  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021

Categories

  • BareMetal
    • NextCloud
  • CI/CD
    • Argo Events
    • ArgoCD
    • ArgoWorkflows
    • Git
      • Bitbucket
    • Harbor
    • Jenkins
    • Spinnaker
    • TeamCity
  • Coding
    • DevSecOps
    • Golang
    • Jquery & JavaScript
    • Laravel
    • NextJS 14 & ReactJS & Type Script
    • Python
    • Selenium
    • Terraform
      • AWS – Amazon Web Service
      • Azure Cloud
      • GCP – Google Cloud
  • Kubernetes & Container
    • Apache Kafka
      • Kafka
      • Kafka Connect
      • Lenses
    • Docker
    • Helm Chart
    • Isito-EnvoyFilter
    • Kong Gateway
    • Kubernetes
      • Ingress
      • Pod
    • Longhorn – Storage
    • MetalLB
    • OAuth2 Proxy
    • Vault
    • VictoriaMetrics
  • Log, Monitor & Tracing
    • DataDog
    • ELK
      • Kibana
      • Logstash
    • Fluent
    • Grafana
    • Prometheus
  • Uncategorized
  • Admin

Copyright © 2025 NimTechnology.