How Attackers Use Exposed
Prometheus Server to Exploit
Kubernetes Clusters.
The first step in any pentesting, ethical hacking or cybercriminal groups, is to
gather as much information as you can about the target you want to breach.
Why? Simple, to know what technique to use or the appropriate tools to achieve
intrusion and evasion of defense systems.
Information on versions inside the cluster can map to CVE and vulnerabilities that
can be exploited.
Information on applications, tools and architectures can be used for competitors.
Prometheus in the wild
Title
Prometheus collects and stores its metrics as time series data, i.e. metrics information is
stored with the timestamp at which it was recorded, alongside optional key-value pairs
called labels.
Prometheus allows (and recommends) using basic authentication, but not enabled by
default: https://prometheus.io/docs/operating/security/
Exposing open Prometheus endpoints to the Internet is a bad idea... and as every bad
idea, it's highly adopted:
What will we us to fingerprint Kubernetes?
Title
Two of the most widely used exporters offer most of the
information that we need:
Node ExporterKube State Metrics
●
●●
●
●
●
●
●
Physical infrastructure
Network interfaces
Host OS & kernel
Kubernetes components
Hostnames and network topology
Logical hierarchy
Secrets location
Applications (and versions) deployed
Fingerprinting Physical Infrastructure
Title
Node Exporter:
node_dmi_info
bios_vendor:
● SeaBIOS
● Amazon EC2
bios_version:
● seabios-1.9.1-qemu-project.org
● 8f19b21
● 1.0
bios_release:
● 1.0
bios_date:
● 10/16/2017
● 04/01/2014
chassis_asset_tag:
● Amazon EC2
chassis_vendor:
● Amazon EC2
● Alibaba Cloud
system_vendor:
● Tencent Cloud
● Amazon EC2
● Alibaba Cloud
product_name:
● m5.xlarge
● Alibaba Cloud ECS
product_version:
● pc-i440fx-2.1
board_vendor:
● Amazon EC2
board_asset_tag:
● i-00280f617XXXXX
board_vendor:
● Smdbmds
● Amazon EC2
Fingerprinting network interfaces
Title
Node Exporter:
node_network_info{device=~'eth.+'}
{
address="06:d5:XX:XX:XX:XX",
broadcast="ff:ff:ff:ff:ff:ff",
device="eth0",
instance="172.31.XX.XX:9100",
instance_az="us-west-2a",
instance_id="i-XXXXX",
instance_name="XXX-XXX",
instance_type="c5.xlarge",
instance_vpc="vpc-XXXXXXX",
job="ec2_instances",
operstate="up"
}
Fingerprinting network topology
Title
KSM:
kube_node_info
kube_service_info * on (service) group_left group by
(service,type)(kube_service_spec_type{type="LoadBalancer"})
kube_ingress_info
Node hostname
Services in the cluster (specially load-balancers)
● namespace
● cluster IP
● node
● (application behind the service can be guessed
by name of service/namespace)
Ingresses in the cluster
Implementing zero trust in IBM Cloud Pak for IntegrationKim Clark
Architecting for cloud native requires a completely different perspective on security. The attack surface, and the potential attack vectors have completely changed. Most of the past assumptions around people, processes, infrastructure and more are no longer valid. You have to assume any vulnerability will be exploited, and trust no-one - whether external or internal. You have to look at threat modelling to inform and prioritize the approach, and implement security based on defense in depth. This deck and webinar explore what steps we have taken to implement a "Zero Trust" model when we re-architected the integration portfolio to create what is now Cloud Pak for Integration, and how customers can build upon these in their own integration solutions.
GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis...Oleg Shalygin
Kubernetes provides an automated platform to deployment, scaling and operations of applications across a cluster of hosts. Complementing Kubernetes with a series of build scripts in conjunction with Travis-CI, GitHub, Artifactory, and Google Cloud Platform, we can take code from a merged pull request to a deployed environment with no manual intervention on a highly scaleable and robust infrastructure.
Kubered -Recipes for C2 Operations on KubernetesJeffrey Holden
Outlines the process of using Kubernetes to deploy command and control infrastructure quickly and efficiently into the AWS cloud. Kubred script available at https://github.com/cloudc2/kubered
Monitoring Your AWS EKS Environment with DatadogDevOps.com
Join Datadog for a webinar on monitoring Kubernetes with a focus on Amazon EKS. You'll learn how to get the most out of Datadog's intuitive platform and EKS's unique capabilities, including:
How to monitor metrics, logs and traces from your EKS environment
How to test the usability of your environment with features such as adaptive Browser Tests and globally available Real User Monitoring
How to find and fix user-facing issues with synthetic monitoring features like adaptive Browser Tests and globally available Real User Monitoring
Do any VM's contain a particular indicator of compromise? E.g. Run a YARA signature over all executables on my virtual machines and tell me which ones match.
Cloud-native .NET Microservices mit KubernetesQAware GmbH
BASTA! 2017, Mainz: Talk von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware).
Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud-Native-Stack. In dieser Session stellen wir die wichtigsten Konzepte und aktuellen Schlüsseltechnologien kurz vor. Anschließend implementieren wir einen einfachen Microservice mit .NET Core und Steeltoe OSS und bringen ihn zusammen mit ausgewählten Bausteinen für Service-Discovery und Konfiguration schrittweise auf einem Kubernetes-Cluster zum Laufen.
Implementing zero trust in IBM Cloud Pak for IntegrationKim Clark
Architecting for cloud native requires a completely different perspective on security. The attack surface, and the potential attack vectors have completely changed. Most of the past assumptions around people, processes, infrastructure and more are no longer valid. You have to assume any vulnerability will be exploited, and trust no-one - whether external or internal. You have to look at threat modelling to inform and prioritize the approach, and implement security based on defense in depth. This deck and webinar explore what steps we have taken to implement a "Zero Trust" model when we re-architected the integration portfolio to create what is now Cloud Pak for Integration, and how customers can build upon these in their own integration solutions.
GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis...Oleg Shalygin
Kubernetes provides an automated platform to deployment, scaling and operations of applications across a cluster of hosts. Complementing Kubernetes with a series of build scripts in conjunction with Travis-CI, GitHub, Artifactory, and Google Cloud Platform, we can take code from a merged pull request to a deployed environment with no manual intervention on a highly scaleable and robust infrastructure.
Kubered -Recipes for C2 Operations on KubernetesJeffrey Holden
Outlines the process of using Kubernetes to deploy command and control infrastructure quickly and efficiently into the AWS cloud. Kubred script available at https://github.com/cloudc2/kubered
Monitoring Your AWS EKS Environment with DatadogDevOps.com
Join Datadog for a webinar on monitoring Kubernetes with a focus on Amazon EKS. You'll learn how to get the most out of Datadog's intuitive platform and EKS's unique capabilities, including:
How to monitor metrics, logs and traces from your EKS environment
How to test the usability of your environment with features such as adaptive Browser Tests and globally available Real User Monitoring
How to find and fix user-facing issues with synthetic monitoring features like adaptive Browser Tests and globally available Real User Monitoring
Do any VM's contain a particular indicator of compromise? E.g. Run a YARA signature over all executables on my virtual machines and tell me which ones match.
Cloud-native .NET Microservices mit KubernetesQAware GmbH
BASTA! 2017, Mainz: Talk von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware).
Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud-Native-Stack. In dieser Session stellen wir die wichtigsten Konzepte und aktuellen Schlüsseltechnologien kurz vor. Anschließend implementieren wir einen einfachen Microservice mit .NET Core und Steeltoe OSS und bringen ihn zusammen mit ausgewählten Bausteinen für Service-Discovery und Konfiguration schrittweise auf einem Kubernetes-Cluster zum Laufen.
Deploy 22 microservices from scratch in 30 mins with GitOpsOpsta
- What do you need to deploy microservices?
- What is Docker, Kubernetes, Infrastructure, and GitOps?
- Why can GitOps help us to improve the DevOps process?
- Demo GitOps
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Google DevFest 2022
Top 3 reasons why you should run your Enterprise workloads on GKESreenivas Makam
This deck covers top 3 reasons why Google Kubernetes engine is best suited to run containerized workloads. The reasons covered are Security, Observability and Maturity.
Xpdays: Kubernetes CI-CD Frameworks Case StudyDenys Vasyliev
A set of flexible and comprehensive operation principles to cover all stages of a modern application life cycle.
Almost any Customer wants the Setup to be compatible with existing infrastructure. It assumes a Bare Metal, Private or Public Cloud. In special cases even offline setup, for example, Airports, Fintech sector or Telecom operators. The main requirements are: Scalability, High Availability, Security Compliance, Professional Service.
So, we should cover all three tiers: Infrastructure, Control Plane and Application Plane. Market leaders are Drone, Argo and Knative. And our story we called Cloud Flex Framework.
[20200720]cloud native develoment - Nelson LinHanLing Shen
There is no shortage now of development and CI/CD tools for cloud-native application development. But how do we put the cloud-native concept and think as the cloud-native way on the leftmost side of CI/CD pipeline.
During developing phrase, the tools provided with cloud code can help you expedite iteration of source codes, run and debug cloud native applications in an easy and fast way, making cloud-native development turn into real-time process, reduce the gap between deployment and development.
現在不乏用於雲原生應用程序開發的開發和 CI/CD工具。 但是,我們如何將雲原生概念放在的 CI/CD 流水線的最左側呢?
在開發階段,如何用 Cloud code 協助您加快原始碼的迭代速度,以簡便快捷的方式運行和調用雲原生應用程序,使雲原生開發變為即使過程,縮小開發與部署之間的差
Anthos Security: modernize your security posture for cloud native applicationsGreg Castle
In this talk we describe a high-level workflow for securing Kubernetes clusters across GKE, Anthos on AWS, and Anthos On-Prem. There's a lot to cover: about 30 products and features across 3 platforms!
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
Cloud Native Night, April 2018, Mainz: Workshop led by Jörg Schad (@joerg_schad, Technical Community Lead / Developer at Mesosphere)
Join our Meetup: https://www.meetup.com/de-DE/Cloud-Native-Night/
PLEASE NOTE:
During this workshop, Jörg showed many demos and the audience could participate on their laptops. Unfortunately, we can't provide these demos. Nevertheless, Jörg's slides give a deep dive into the topic.
DETAILS ABOUT THE WORKSHOP:
Kubernetes has been one of the topics in 2017 and will probably remain so in 2018. In this hands-on technical workshop you will learn how best to deploy, operate and scale Kubernetes clusters from one to hundreds of nodes using DC/OS. You will learn how to integrate and run Kubernetes alongside traditional applications and fast data services of your choice (e.g. Apache Cassandra, Apache Kafka, Apache Spark, TensorFlow and more) on any infrastructure.
This workshop best suits operators focussed on keeping their apps and services up and running in production and developers focussed on quickly delivering internal and customer facing apps into production.
You will learn how to:
- Introduction to Kubernetes and DC/OS (including the differences between both)
- Deploy Kubernetes on DC/OS in a secure, highly available, and fault-tolerant manner
- Solve operational challenges of running a large/multiple Kubernetes cluster
- One-click deploy big data stateful and stateless services alongside a Kubernetes cluster
Security Patterns for Microservice Architectures - Oktane20Matt Raible
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
DCEU 18: Docker Enterprise Platform and ArchitectureDocker, Inc.
Jean Rouge - Sr. Software Engineer, Docker
David Yu - Product Manager, Docker
Docker Enterprise is an enterprise container platform for developers and IT admins building and managing container applications. The platform includes integrated orchestration (Swarm and Kubernetes), advanced private image registry, and centralized admin console to secure, troubleshoot, and manage containerized applications. This talk will focus on the Docker Enterprise platform's technical architecture, key features and use cases it is designed to support. Key areas covered in this session: -Latest features and enhancements -Security and Compliance - how to ensure oversight and validate applications for different compliance regulations -Operational Insight - how to identify and troubleshoot issues in your container environment -Integrated Technology - the technologies are supported and can be run with Docker Enterprise -Policy-based Automation - how to scale container environments through automated policies.
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Marc Müller
Container Technologien erfreuen sich grosser Beliebtheit und sind mittlerweile auch im Microsoft Entwicklerumfeld angekommen. Visual Studio als Entwicklungswerkzeug bietet neu eine direkte Docker Unterstützung und mit Asp.NET Core respektive .NET Core ist auch die Kompatibilität mit Linux-basierten Docker Containern gegeben. Erfahren Sie in diesem Vortrag, wie sie mit Visual Studio und TFS eine Docker-basierte Build und Release Automatisierung implementieren und betreiben. Mit Azure Container Services haben wir einen skalierbare und ausfallsicheren Cluster zur Verfügung, welcher sich optimal in unsere Release-Pipeline integriert.
Winning in the Dark: Defending Serverless InfrastructurePuma Security, LLC
This technical session examines real world scenarios security professionals will encounter defending Cloud workloads running on Serverless Infrastructure. Attendees will see a series of hands-on attack techniques for extracting credentials from serverless functions, and how to leverage those credentials for data exfiltration.
The session starts with insecure secrets management in Serverless. Live demonstrations will show how a vulnerability in a function can allow attackers to exfiltrate secrets from a configuration file inside the function’s execution environment.
Attendees will then see how to extract credentials from a function’s execution environment, and use those credentials from a remote machine to gain unauthorized access to data.
Next, the session explores the ephemeral execution environment that is supposed to live for a few hundred milliseconds and then disappear. In practice, does that hold true?
Concluding the session, we discuss some defensive techniques for locking down serverless environments, controlling egress traffic, restricting credential access, and querying audit logs.
Attendees will leave with an understanding of the common attacks and practical security controls for defending their Serverless Infrastructure.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Deploy 22 microservices from scratch in 30 mins with GitOpsOpsta
- What do you need to deploy microservices?
- What is Docker, Kubernetes, Infrastructure, and GitOps?
- Why can GitOps help us to improve the DevOps process?
- Demo GitOps
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Google DevFest 2022
Top 3 reasons why you should run your Enterprise workloads on GKESreenivas Makam
This deck covers top 3 reasons why Google Kubernetes engine is best suited to run containerized workloads. The reasons covered are Security, Observability and Maturity.
Xpdays: Kubernetes CI-CD Frameworks Case StudyDenys Vasyliev
A set of flexible and comprehensive operation principles to cover all stages of a modern application life cycle.
Almost any Customer wants the Setup to be compatible with existing infrastructure. It assumes a Bare Metal, Private or Public Cloud. In special cases even offline setup, for example, Airports, Fintech sector or Telecom operators. The main requirements are: Scalability, High Availability, Security Compliance, Professional Service.
So, we should cover all three tiers: Infrastructure, Control Plane and Application Plane. Market leaders are Drone, Argo and Knative. And our story we called Cloud Flex Framework.
[20200720]cloud native develoment - Nelson LinHanLing Shen
There is no shortage now of development and CI/CD tools for cloud-native application development. But how do we put the cloud-native concept and think as the cloud-native way on the leftmost side of CI/CD pipeline.
During developing phrase, the tools provided with cloud code can help you expedite iteration of source codes, run and debug cloud native applications in an easy and fast way, making cloud-native development turn into real-time process, reduce the gap between deployment and development.
現在不乏用於雲原生應用程序開發的開發和 CI/CD工具。 但是,我們如何將雲原生概念放在的 CI/CD 流水線的最左側呢?
在開發階段,如何用 Cloud code 協助您加快原始碼的迭代速度,以簡便快捷的方式運行和調用雲原生應用程序,使雲原生開發變為即使過程,縮小開發與部署之間的差
Anthos Security: modernize your security posture for cloud native applicationsGreg Castle
In this talk we describe a high-level workflow for securing Kubernetes clusters across GKE, Anthos on AWS, and Anthos On-Prem. There's a lot to cover: about 30 products and features across 3 platforms!
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
Cloud Native Night, April 2018, Mainz: Workshop led by Jörg Schad (@joerg_schad, Technical Community Lead / Developer at Mesosphere)
Join our Meetup: https://www.meetup.com/de-DE/Cloud-Native-Night/
PLEASE NOTE:
During this workshop, Jörg showed many demos and the audience could participate on their laptops. Unfortunately, we can't provide these demos. Nevertheless, Jörg's slides give a deep dive into the topic.
DETAILS ABOUT THE WORKSHOP:
Kubernetes has been one of the topics in 2017 and will probably remain so in 2018. In this hands-on technical workshop you will learn how best to deploy, operate and scale Kubernetes clusters from one to hundreds of nodes using DC/OS. You will learn how to integrate and run Kubernetes alongside traditional applications and fast data services of your choice (e.g. Apache Cassandra, Apache Kafka, Apache Spark, TensorFlow and more) on any infrastructure.
This workshop best suits operators focussed on keeping their apps and services up and running in production and developers focussed on quickly delivering internal and customer facing apps into production.
You will learn how to:
- Introduction to Kubernetes and DC/OS (including the differences between both)
- Deploy Kubernetes on DC/OS in a secure, highly available, and fault-tolerant manner
- Solve operational challenges of running a large/multiple Kubernetes cluster
- One-click deploy big data stateful and stateless services alongside a Kubernetes cluster
Security Patterns for Microservice Architectures - Oktane20Matt Raible
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
DCEU 18: Docker Enterprise Platform and ArchitectureDocker, Inc.
Jean Rouge - Sr. Software Engineer, Docker
David Yu - Product Manager, Docker
Docker Enterprise is an enterprise container platform for developers and IT admins building and managing container applications. The platform includes integrated orchestration (Swarm and Kubernetes), advanced private image registry, and centralized admin console to secure, troubleshoot, and manage containerized applications. This talk will focus on the Docker Enterprise platform's technical architecture, key features and use cases it is designed to support. Key areas covered in this session: -Latest features and enhancements -Security and Compliance - how to ensure oversight and validate applications for different compliance regulations -Operational Insight - how to identify and troubleshoot issues in your container environment -Integrated Technology - the technologies are supported and can be run with Docker Enterprise -Policy-based Automation - how to scale container environments through automated policies.
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Marc Müller
Container Technologien erfreuen sich grosser Beliebtheit und sind mittlerweile auch im Microsoft Entwicklerumfeld angekommen. Visual Studio als Entwicklungswerkzeug bietet neu eine direkte Docker Unterstützung und mit Asp.NET Core respektive .NET Core ist auch die Kompatibilität mit Linux-basierten Docker Containern gegeben. Erfahren Sie in diesem Vortrag, wie sie mit Visual Studio und TFS eine Docker-basierte Build und Release Automatisierung implementieren und betreiben. Mit Azure Container Services haben wir einen skalierbare und ausfallsicheren Cluster zur Verfügung, welcher sich optimal in unsere Release-Pipeline integriert.
Winning in the Dark: Defending Serverless InfrastructurePuma Security, LLC
This technical session examines real world scenarios security professionals will encounter defending Cloud workloads running on Serverless Infrastructure. Attendees will see a series of hands-on attack techniques for extracting credentials from serverless functions, and how to leverage those credentials for data exfiltration.
The session starts with insecure secrets management in Serverless. Live demonstrations will show how a vulnerability in a function can allow attackers to exfiltrate secrets from a configuration file inside the function’s execution environment.
Attendees will then see how to extract credentials from a function’s execution environment, and use those credentials from a remote machine to gain unauthorized access to data.
Next, the session explores the ephemeral execution environment that is supposed to live for a few hundred milliseconds and then disappear. In practice, does that hold true?
Concluding the session, we discuss some defensive techniques for locking down serverless environments, controlling egress traffic, restricting credential access, and querying audit logs.
Attendees will leave with an understanding of the common attacks and practical security controls for defending their Serverless Infrastructure.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
4. Title
Assume you are a target, but not for free
● Follow the Kubernetes security best practices.
● Use Prometheus to monitor everything.
● But don’t let the door open.
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/0/CTR_Kubernetes_Hardening_Guidance_1.1_20220315.PDF
We are not going to break and break into
Kubernetes Cluster or Prometheus.
5. Title
Why Kubernetes fingerprinting?
The first step in any pentesting, ethical hacking or cybercriminal groups, is to
gather as much information as you can about the target you want to breach.
Why? Simple, to know what technique to use or the appropriate tools to achieve
intrusion and evasion of defense systems.
Information on versions inside the cluster can map to CVE and vulnerabilities that
can be exploited.
Information on applications, tools and architectures can be used for competitors.
https://www.eccouncil.org/ethical-hacking/
6. Title
Kubernetes in the wild
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
7.
8. Title
But Prometheus is only metrics…
https://www.cncf.io/online-programs/a-look-at-how-hackers-exploit-prometheus-grafana-fluentd-jaeger-more/
https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
https://github.com/juice-shop/juice-shop/issues/1275
9. Title
Prometheus in the wild
Prometheus collects and stores its metrics as time series data, i.e. metrics information is
stored with the timestamp at which it was recorded, alongside optional key-value pairs
called labels.
Prometheus allows (and recommends) using basic authentication, but not enabled by
default: https://prometheus.io/docs/operating/security/
Exposing open Prometheus endpoints to the Internet is a bad idea… and as every bad
idea, it's highly adopted:
10. Title
More Prometheus in the wild
Shodan -> favicons (https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv)
Censys (https://search.censys.io/)
Fofa (https://fofa.info/)
61854
161.274
11. Title
What will we us to fingerprint Kubernetes?
Two of the most widely used exporters offer most of the
information that we need:
Node Exporter
● Physical infrastructure
● Network interfaces
Kube State Metrics
● Host OS & kernel
● Kubernetes components
● Hostnames and network topology
● Logical hierarchy
● Secrets location
● Applications (and versions) deployed
18. Title
Fingerprinting network topology
KSM:
kube_node_info
kube_service_info * on (service) group_left group by
(service,type)(kube_service_spec_type{type="LoadBalancer"})
kube_ingress_info
Node hostname
Services in the cluster (specially load-balancers)
● namespace
● cluster IP
● node
● (application behind the service can be guessed
by name of service/namespace)
Ingresses in the cluster
22. Title
Fingerprinting Kubernetes Control Plane
Kubernetes:
kubernetes_build_info
Component
● API-server
● controller-manager
● kube-proxy…
Major, minor version
git version
git commit
build_date
go_version
23. Cloud provider
● AWS Keys
● Tencent Keys
● Alibaba Keys
Load
Balancer
AZ
VPC-ID
K8s Cluster
https://www.example.com
Master
Node
namespace
Pod
Pod
Container
Container
Ingress
32. Title
Logging queries in Prometheus
Prometheus allows query logging… but it's not enabled by
default.
You can check if loggin is enabled by querying this metric:
prometheus_engine_query_log_enabled
https://prometheus.io/docs/guides/query-log/
33. Title
Real History
Now, the attacker prepares the journey and the intrusion target.
In this fictitious examples, the attacker might want to access the data leak,
use your machines for cryptomining or encrypt the victim's data (ransomware).
With this knowledge of Prometheus exposed, the attacker uses the specific
technique for each case.
https://cd.blokt.com/wp-content/uploads/2018/02/crypto-mining-e1518714481556.jpg
https://miro.medium.com/max/750/1*TSX7fu85EwGEdnhA-Sv4cA.jpeg
34. Title
Leak data scenario - Attacker Path
Service
● Service-example
○ Website
○ API
○ …
○ https://example.com
Cloud provider
Credentials:
● AWS Keys
● Tencent Keys
● Alibaba Keys
Networking
● Load Balancer
● Region & AZ
● VPC
● Instance IP & ID
K8s Cluster
Components:
● Kube-proxy
● Kube-admin
● Kubelet
Topology
● Cluster IP
● Namespaces
● Nodes
Node
● Kernel
● OS
● Go version
● Git version
● Docker
Pod / Container
Registry:
● docker.io
Image:
● Image-id
Kubernetes Secrets
● Service auth
tokens
Known Vulnerabilities:
● CVE-2020-8554
● CVE-2020-8558
● CVE-2020-8559
● CVE-2021-25735
● CVE-2021-25737
● CVE-2021-25741
Known Vulnerabilities:
● CVE-2022-0847 -
dirty pipe (Kernel
Linux)
● CVE-2022-0185
● USN-3833-1: Linux
kernel (AWS)
vulnerabilities
○ CVE-2018-
18955
● CVE-2021-3156
Known Vulnerabilities:
● CVE-2021-44521 - Cassandra
● https://mariadb.com/kb/en/security/ - RCE
● CVE-2020-28035
● Wordpress
● CVE-2018-16850 - PostgreSQL
● CVE-2019-11043 - PHP
● CVE-2021-44228 - Log4j
● CVE-2022-22963 - Spring Cloud
● CVE-2020-13942 - Apache unomi
35. Title
Cryptomining scenario - Attacker Path
Service
● Service-example
○ Website
○ API
○ …
○ https://example.com
Cloud provider
Credentials:
● AWS Keys
● Tencent Keys
● Alibaba Keys
Networking
● Load Balancer
● Region & AZ
● VPC
● Instance IP & ID
K8s Cluster
Components:
● Kube-proxy
● Kube-admin
● Kubelet
Topology
● Cluster IP
● Namespaces
● Nodes
Node
● Kernel
● OS
● Go version
● Git version
● Docker
Pod / Container
Registry:
● docker.io
Image:
● Image-id
Kubernetes Secrets
● Service auth
tokens
Known Vulnerabilities:
● CVE-2020-8554
● CVE-2020-8558
● CVE-2020-8559
● CVE-2021-25735
● CVE-2021-25737
● CVE-2021-25741
Known Vulnerabilities:
● CVE-2022-0847 -
dirty pipe (Kernel
Linux)
● CVE-2022-0185
● USN-3833-1: Linux
kernel (AWS)
vulnerabilities
○ CVE-2018-
18955
● CVE-2021-3156
Known Vulnerabilities:
● CVE-2021-44521 - Cassandra
● https://mariadb.com/kb/en/security/ - RCE
● CVE-2020-28035
● Wordpress
● CVE-2018-16850 - PostgreSQL
● CVE-2019-11043 - PHP
● CVE-2021-44228 - Log4j
● CVE-2022-22963 - Spring Cloud
● CVE-2020-13942 - Apache unomi
2
1
3
https://github.com/kozmer/log4j-shell-poc
https://dirtypipe.cm4all.com/
https://github.com/arget13/DDexec
37. Title
Ransomware scenario - Attacker Path
Service
● Service-example
○ Website
○ API
○ …
○ https://example.com
Cloud provider
Credentials:
● AWS Keys
● Tencent Keys
● Alibaba Keys
Networking
● Load Balancer
● Region & AZ
● VPC
● Instance IP & ID
K8s Cluster
Components:
● Kube-proxy
● Kube-admin
● Kubelet
Topology
● Cluster IP
● Namespaces
● Nodes
Node
● Kernel
● OS
● Go version
● Git version
● Docker
Pod / Container
Registry:
● docker.io
Image:
● Image-id
Kubernetes Secrets
● Service auth
tokens
Known Vulnerabilities:
● CVE-2020-8554
● CVE-2020-8558
● CVE-2020-8559
● CVE-2021-25735
● CVE-2021-25737
● CVE-2021-25741
Known Vulnerabilities:
● CVE-2022-0847 -
dirty pipe (Kernel
Linux)
● CVE-2022-0185
● USN-3833-1: Linux
kernel (AWS)
vulnerabilities
○ CVE-2018-
18955
● CVE-2021-3156
Known Vulnerabilities:
● CVE-2021-44521 - Cassandra
● https://mariadb.com/kb/en/security/ - RCE
● CVE-2020-28035
● Wordpress
● CVE-2018-16850 - PostgreSQL
● CVE-2019-11043 - PHP
● CVE-2021-44228 - Log4j
● CVE-2022-22963 - Spring Cloud
● CVE-2020-13942 - Apache unomi
● …
1
2
3
https://github.com/hktalent/spring-spel-0day-poc
38. Title
Summary
We could think that metrics are not important in a security perspective,
but we show that’s not true.
It’s also important to mention that the proper services Kubernetes or
Prometheus advise of the problems to expose their data to the world
39. Title
Recommendations
Today, if we follow security best practices in every part of our chain,
we are safe from most security incidents.
We will have to continue to fight with new vulnerabilities that impact
our services and also, not least, a plan against insiders. But let's at
least make things difficult.
● Secure your Cloud provider with Principle of least privilege.
○ https://www.cisa.gov/uscert/ncas/current-activity/2020/01/24/nsa-releases-guidance-m
itigating-cloud-vulnerabilities
● Secure your Cluster Kubernetes
○ https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/0/CTR_Kubernetes_Hardening_Gu
idance_1.1_20220315.PDF
● Secure the Host / OS
○ https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-123.pdf
● Secure the containers
○ https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-190.pdf
● Secure your code
○ https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-95.pdf
● Secure your Prometheus Metrics!
○ https://prometheus.io/docs/operating/security/#prometheus
