
DIY Kubernetes Pen Testing


Check for insecure configurations with kube-hunter! This talk shows what kube-hunter is doing and how an attacker might take advantage of insecure configurations in a Kubernetes cluster. You can watch a recording of this talk from KubeCon Barcelona here: https://www.youtube.com/watch?v=fVqCAUJiIn0

Liz Rice

May 23, 2019


Transcript

  1. Welcome to Club KubeCon. Free entry! Show me your ID.

     If you’re not on the list, you’re not coming in. (Image: Channel 4)
  2. ```python
     @handler.subscribe(NewHostEvent)
     class PortDiscovery(Hunter):
         def execute(self):
             for p in default_ports:
                 if self.test_connection(self.host, p):
                     self.publish_event(OpenPortEvent(port=p))
     ```
  3. ```python
     @handler.subscribe(OpenPortEvent, predicate=lambda x: x.port == 10255 or x.port == 10250)
     class KubeletDiscovery(Hunter):
         def get_read_access(self):
             r = requests.get("http://{host}:{port}/metrics")
             if r.status_code == 200:
                 self.publish_event(ReadKubeletEvent())
     ```
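The two slides above rely on a subscribe/publish event chain: one hunter's finding becomes the trigger for the next, and a predicate filters which events a hunter sees. The following is an added example, not kube-hunter's own code or part of the talk; `Handler`, the `Hunter` base class, `SIMULATED_OPEN`, the `default_ports` values and `run` are assumptions, and the port checks read constructed data instead of opening sockets.

```python
from collections import defaultdict

class Event:
    host = None                      # filled in from the parent event on publish
class NewHostEvent(Event):
    def __init__(self, host): self.host = host
class OpenPortEvent(Event):
    def __init__(self, port): self.port = port

class Handler:                       # toy dispatcher, not kube-hunter's own
    def __init__(self):
        self.hooks = defaultdict(list)   # event type -> [(hunter class, predicate)]
    def subscribe(self, event_type, predicate=None):
        def register(hunter_cls):
            self.hooks[event_type].append((hunter_cls, predicate))
            return hunter_cls
        return register
    def publish(self, event, parent=None):
        if parent is not None and event.host is None:
            event.host = parent.host     # child events inherit the host
        for hunter_cls, predicate in self.hooks[type(event)]:
            if predicate is None or predicate(event):
                hunter_cls(self, event).execute()
class Hunter:
    def __init__(self, handler, event):
        self.handler, self.event, self.host = handler, event, event.host
    def publish_event(self, event):
        self.handler.publish(event, parent=self.event)

handler = Handler()
# Constructed scan data standing in for real probes; no sockets are opened.
SIMULATED_OPEN = {("192.0.2.10", 443), ("192.0.2.10", 10250), ("192.0.2.10", 10255)}
default_ports = [443, 6443, 8080, 10250, 10255]
kubelet_hits = []

@handler.subscribe(NewHostEvent)
class PortDiscovery(Hunter):
    def execute(self):
        for p in default_ports:
            if (self.host, p) in SIMULATED_OPEN:      # stands in for test_connection()
                self.publish_event(OpenPortEvent(port=p))
@handler.subscribe(OpenPortEvent, predicate=lambda x: x.port == 10255 or x.port == 10250)
class KubeletDiscovery(Hunter):
    def execute(self):               # the slide's version probes /metrics here
        kubelet_hits.append((self.host, self.event.port))

def run(host):
    kubelet_hits.clear()
    handler.publish(NewHostEvent(host))
    return list(kubelet_hits)
```

Port 443 is open in the sample data but never reaches `KubeletDiscovery`, because the predicate only passes events for the two kubelet ports.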