Attacking Kubernetes defaults to show insecurity out of the box and where to focus security improvements and recommendations. This is used for CyberArk enablement internally.
- Open startMultiple.sh and set the
forloop to1..nwherenis equal to the total number of namespaces you'd like to create. For a classroom holding 40 users, theforloop would be1..40. - Run startMultiple.sh.
- It will create a namespace with web terminal for each user. The web terminal is accessible at
http://<public_ip>:30001throughhttp://<public_ip>:300xxwherexxis equal tonfrom Step 1. - Begin recon & attack of the application container you have gained root to.
You will need to navigate from the web terminal application container to a redis container within the same namespace. From the redis container, you will need to capture the flag that is a Kubernetes Secret given to redis.
A video and text file is available in the workshopSolution directory.
This hands-on lab was developed by CyberArk Labs. It is not supported.
MIT