
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cloud - Hands-on

Based on recent research of mine, this will be a hands-on demonstration of Docker and Kubernetes exploitation and a deep dive into how to achieve remote code execution through the low-hanging fruits of Docker and Kubernetes.

  1. Title slide: SACON International 2020, India | Bangalore | February 21 - 22 | Taj Yeshwantpur. "Hacking and Securing Kubernetes and Docker in Cloud: Hands-on demo - get all low hanging fruits". Apoorv Raj Saxena, Red Team Researcher, Fire Compass. https://twitter.com/secxena
  2. About secxena: Previously SDE at Airstacks and Head of Engineering at VItt.ai. Recently Red Team Researcher at Fire Compass: cloud infrastructure penetration testing and research on containerized systems. Past year: bug bounty hunting and CTFs. https://twitter.com/secxena
  3. Agenda: Introduction; Docker + Kubernetes inSecurity; Exploitation; Demos; Mitigations.
  4. Goal: Raise awareness of high-risk attacks possible in default installs; demonstrate the attacks "live"; provide hardening methods; share additional hardening tips.
  5. Terminology (Docker): Docker Image - the basis of a Docker container, representing a full application. Docker Container - the standard unit in which the application service resides and executes. Docker Engine - creates, ships and runs Docker containers, deployable on a physical or virtual host locally, in a data center or at a cloud service provider. Registry Service - cloud- or server-based storage and distribution service for your images.
  6. Low hanging fruits (Docker): Docker Engine - port 2375, port 2376, unauthenticated access. Docker Registry - default image credentials, unauthenticated API endpoint.
  7. Terminology (Kubernetes): 1. Pod; 2. Node; 3. Cluster; 4. Control Plane; 5. Kubernetes API; 6. Master; 7. kube-apiserver.
  8. Low Hanging Fruits - High Rewards: unauthenticated API server; kubelet exploit; kernel-level exploit; network isolation; Pod Security Policy.
  9. Access the Kubernetes API without credentials? $ curl -s http://10.5.5.5:8080
  10. Unauthenticated kubelet API? Direct demo: $ curl -sk https://10.5.6.7:10250/runningpods/
  11. Mitigation: 1. Auth; 2. Both-way (mutual) TLS; 3. No defaults; 4. CIS audit framework; 5. Internal and external audits.
  12. Research results: 1. More than 200 vulnerable organizations; 2. 20+ financial services; 3. NASA, EASA, Oracle, Microsoft, Zoomcar etc.; 4. A bank third-party vendor - 95 banks affected.
  13. Questions?
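The "Auth", "both-way TLS" and "no defaults" mitigations applied to the kubelet, as an added example that is not part of the slides: a KubeletConfiguration that closes the unauthenticated kubelet access probed on port 10250 above. The comments note the weak default each field replaces; the certificate, key and CA paths are assumptions.

```yaml
# Added example (not from the talk): hardened KubeletConfiguration.
# Each hardened field is annotated with the weak default it replaces.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# 10250 is the TLS port; keep it, but require authentication and
# authorization on it (below) instead of serving anyone who connects.
port: 10250
# The legacy read-only port serves /pods and /runningpods/ with no
# authentication at all. Set it explicitly to 0 so it is never opened.
readOnlyPort: 0
# Serving certificate for the kubelet's own TLS endpoint (assumed paths).
tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
authentication:
  anonymous:
    # Weak default: true. With anonymous enabled, a request carrying no
    # credentials is accepted as system:anonymous rather than rejected.
    enabled: false
  webhook:
    # Validate bearer tokens against the API server (TokenReview) instead
    # of trusting them locally. Weak default: false.
    enabled: true
    cacheTTL: 2m0s
  x509:
    # Mutual TLS: only client certificates signed by this CA are accepted.
    # Assumed path to the cluster CA.
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  # Weak default: AlwaysAllow, which lets any caller that passed
  # authentication reach /runningpods/ and /exec. Webhook defers each
  # request to the API server's SubjectAccessReview (RBAC).
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
```

The Docker Engine counterpart to the same three mitigations is to expose the daemon only on the TLS port 2376 with "tlsverify": true and a CA configured in daemon.json, never on the plaintext port 2375 shown in the Docker low-hanging-fruits slide.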
