PenTest: Kubernetes Penetration Testing

Description

Dear PenTest Readers,

In the current issue we would like to take a closer look at security of the Kubernetes system. As this open-source system is becoming more and more popular for container orchestration, we came up with an idea to present you the security perspective. 

To start off, we present the fantastic article written by Jeroen Willemsen and Eric Nieuwenhuijsen on do’s and don’ts when securing K8S. Next, we have an interesting insight into Kubernetes master and node attacks, presented by Maxime Coquerel. Furthermore, Samrat Das is showing you the basic knowledge crucial to start hacking Kubernetes, in case you would like to get into it from scratch!

Naturally, there is a lot of different topics covered in other articles. David Evenden publishes his first article with us (welcome!), where he underscores the need for collective solutions in the cyber security world. Dinesh Sharma, one of our regular contributors, presents a honeypot-based intrusion detection system. Robert Fling wrote an interesting piece on CCTV hacking. Tawhidur Rahman provides us with the geopolitical dimension of cybersecurity - this topic is particularly interesting if you’re looking for an academic approach connecting cybersecurity and social sciences. Bruce Williams covers the history of the term “pentesting” while on the journey of rediscovering his old resources. Nouha Ben and Ben Brahim, daughter and father duo, this time present the answers to the most frequently asked questions on error code handling. Last but not least, Brent Whitefield provided us with the article related to the business sphere, and the need of outsourcing security.

Many thanks to every author who helped in creation of this issue.

Without further ado,  

Enjoy the content!

PenTest Magazine’s Editorial Team.

Want to download free preview? Click Here 

If you are already a subscriber get your copy here

---

Table of Contents 

---

10 Pitfalls When Working With K8S

by Jeroen Willemsen and Eric Nieuwenhuijsen

When looking at accessing the workload, you should remember that at its core, the Kubernetes nodes just run Docker containers but Kubernetes just calls them pods. One interesting attack vector to expand your foothold is via the actual containers themselves. When a container proves vulnerable by, for example, allowing SSH, kubectl exec or the applications allows you to do an RCE you have a great starting point. If you’re able to get inside a container, check if you can create new files and/or run/install kubectl: if not, then the container storage volumes are probably read-only, which will prevent a lot of manipulation of the containers. 

---

Kubernetes Master And Node Attacks

by Maxime Coquerel

The objective of this article is to present an introduction of Kubernetes penetration testing. The first goal of a Kubernetes penetration test is to increase the security of the Kubernetes resources and of your company. Security of Kubernetes Cluster is a large subject and pentesting of Kubernetes Cluster also. With a good comprehension of Kubernetes Architecture, everything is possible.

---

Beginning With Kubernetes Hacking

by Samrat Das

The HTTPS service on 10250/TCP is the default management API interface for Kubernetes clusters. It is not secured by default. This means that the developer/administrator is responsible for securing their services. As an attack vector by abusing the API we can achieve low level command execution. 2379/TCP Etcd Port: The HTTP service on 2379/TCP is the default etcd service for your Kubernetes instance. The API interface is accessible and not secured by default.

---

A Secure Cyber World Will Require a Collective Solution

by David Evenden

Of course, most cyber related events may not cause the immediate death of an individual, but could potentially cause the largest cyber breach in recent history where an elastic database left millions of documents exposed to the open internet. If you’re an offensive security professional, this situation may not fit into your definition of breach, however, it does represent a breach of confidentiality and integrity of data. In my opinion, it is not necessary that a hack occurred in order for a breach to have occurred.

---

Honeypot Based Intrusion Detection System

by Dinesh Sharma

Let’s consider a scenario. Here the hacker is trying to hack the web server shown in the above image. He was sitting somewhere on the internet. He somehow manages to bypass the firewall and now he is trying to scan the server for the known vulnerabilities. His vulnerability scanner found that there was a system inside the network established to track the hacker’s activities. A honeypot has the same functionalities as the main server. Port mirroring was enabled on the port to which the honeypot was connected. It means a copy of all the network packets will pass through the honeypot so that real time analysis of the packets can be done. When the hacker tried to scan for open ports, his activity will be logged and his intent will be tracked.

---

Hacking CCTV

by Robert Fling

If you are new to security it is actually a good exercise for you and can teach you quite a bit. However, as we always say…doing this is illegal so please only do it under devices that you own. In this case, cameras that are connected to your sandboxed network or test lab. Good luck, always be learning and share what you learn. That’s how we all improve. 

---

Cyber Diplomacy Geopolitics

by Tawhidur Rahman

Digital (electronic or computer) diplomacy refers to the use of digital tools and techniques to advance diplomatic goals. If there is a need to avoid confusion, then we must properly define digital diplomacy: it is more of a tool than an end in itself. This tool can be used by state and non-state actors. The development of a diplomatic strategy includes a range of tools and techniques that also includes digital ones enhancing analysis, influencing key policies or policymaking, as well as supporting consular diplomacy. There is always a challenge, namely to develop dedicated digital tools to implement diplomatic strategies since there is a different approach to this issue than the one used to promote commerce and trade.

---

Seeing Pentesting

by Bruce Williams

Every day, all over the world, computer networks and hosts are being broken into. The level of sophistication of these attacks varies widely; while it is generally believed that most break-ins succeed due to weak passwords, there are still a large number of intrusions that use more advanced techniques to break in. Less is known about the latter types of break-ins, because by their very nature they are much harder to detect.

---

Error Code Handling

by Nouha Ben and Ben Brahim

A bug is a fault in a program, which causes it to behave abruptly. Bugs are usually found either during unit testing done by the developer or module testing by testers. A defect is found when the application does not conform to the requirement specification. A defect can also be found when the client or user is testing.

---

Businesses Should Outsource Security To Their IaaS Provider

by Brent Whitfield

We can be sure that the concerted efforts of cybercriminals are going to be directed at breaking into AWS, Azure, GCP and IBM Cloud – the so-called 'Big Four' of the public cloud space. Businesses with unpatched operating systems, shadow IT, weak AIM processes and poor firewall configurations are going to be the low hanging fruit.

---