Kubestriker Demolab at DEF CON 29


    Tool Name: Kubestriker - a blazing fast security auditing tool for kubernetes

    Short Abstract:
    Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organization.

    It performs numerous in-depth checks on a range of services and open ports on the Kubernetes platform to identify any misconfigurations which make organisations an easy target for attackers. In addition, it helps safeguard against potential attacks on Kubernetes clusters by continuously scanning, monitoring and alerting on any anomalies.

    Furthermore, it comprises the ability to see some components of kubernetes infrastructure and provides visualised attack paths of how hackers can advance their attacks.

    Short Developer Bio:
    Vasant is a security enthusiast and speaker, currently working as a Security Architect and DevSecOps Practitioner.
    His technical abilities span a wide range of technologies across various domains of information security including cloud and container security and penetration testing. He is passionate about cloud and cloud native security, devsecops and security automation.

    URL to any additional information:
    https://github.com/vchinnipilli/kubestriker

    Detailed Explanation of Tool:
    The tool is open source and platform-agnostic making it compatible with various platforms such as self-hosted kubernetes, Amazon EKS, Azure AKS and Google GKE.

    Current capabilities include performing in-depth reconnaissance and automated enumeration for a range of services and open ports. It also scans for a wide range of IAM misconfigurations, misconfigured containers and misconfigured pod security and network policies. It can also assess the excessive privileges of subjects in the cluster and generate an elaborative report with detailed explanation of the findings.

    It also incorporates security for containers running in the cluster by continuously discovering, tracking, scanning, and reporting them, along with the ability to see some of the components of kubernetes infrastructure and provide visualised attack paths of how hackers can advance their attacks by chaining different misconfigured components in the kubernetes cluster.

    Target Audience:
    • Offensive and Defensive Security Professionals
    • Security Auditors
    • Developers, Devops, Sysadmins, Devsecops and SRE professionals

    The aim of the presentation is to demonstrate the kind of attacks that are possible due to misconfigurations. In particular, through the use of Kubestriker, I will demonstrate how misconfigured cluster privileges can compromise the Kubernetes platform and its underlying infrastructure, along with showing how cloud environments can be backdoored, detection avoided by manipulating logging controls, and sensitive information and trade secrets accessed due to IAM, pod security policy and webhook misconfigurations.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A