►
From YouTube: Advanced Persistence Threats: The Future of Kubernetes Attacks - Ian Coldwater & Brad Geesaman
Description
Don’t miss out! Join us at our upcoming events: EnvoyCon Virtual on October 15 and KubeCon + CloudNativeCon North America 2020 Virtual from November 17-20. Learn more at https://kubecon.io. The conferences feature presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Advanced Persistence Threats: The Future of Kubernetes Attacks - Ian Coldwater, Heroku & Brad Geesaman, Brad Geesaman Consulting
What would happen if your cluster was successfully compromised by an attacker who understands Kubernetes at a deep level? How could they attempt to avoid detection, cover their tracks, achieve full cluster access, obtain persistence, steal credentials, and launch additional attacks in your environment? As Kubernetes grows in popularity, the sophistication of attackers will improve, and security by obscurity will no longer be sufficient. Cluster operators need to be aware of what a skilled and knowledgeable attacker can be capable of. Let’s explore the dark corners of clusters and shine a light on how features such as ephemeral containers and validating webhooks can be used to maliciously mutate pods, exfiltrate data, deploy “shadow” control planes, and more. The audience will learn how to detect these advanced approaches and how to prevent these attacks using practical, proven methods.
https://sched.co/ZesN
A
Kubernetes
turned
six
years
old
this
year
and
both
of
us
have
been
working
with
kubernetes
for
a
few
years.
Now,
both
of
us
have
watched
the
project,
then
its
rapid
rate
of
adoption
grows
and
change
over
time,
and
we,
as
attackers
have
evolved
along
with
it
when
brad
and
I
first
started
learning
kubernetes,
it
was
easier
to
be
able
to
understand
the
whole
stack.
A
This
diagram
here
was
the
first
kubernetes
architecture
diagram
it's
from
2014.
Before
the
project
went
public
even
back,
then
it
wasn't
entirely
accurate.
The
person
who
made
this
diagram
now
describes
the
authorization
on
it
as
aspirational,
because
at
the
time
there
wasn't
any
authorization
on
kubernetes
at
all.
A
A
B
That
means
given
a
given
version
is
only
supported
for
approximately
nine
months
due
to
that
rapid
cadence
managed
kubernetes
providers,
typically
only
support
versions
that
are
one
or
more
minor
releases
behind
the
latest
and
organizations
managing
their
own
kubernetes
clusters.
Often
do
this
too,
as
it
always
takes
some
time
to
test
and
validate
new
releases
before
they
make
it
to
production.
B
For
example,
the
latest
generally
available
kubernetes
release
is
1.19,
but
many
are
running
1.15
or
1.16
in
production,
simply
because
those
are
the
latest
versions
available
to
them,
but
that
can
actually
work
to
our
benefit.
As
defenders,
we
can
use
this
time
to
look
at
new
features
now
before
they're
actually
used
in
a
few
months,
but
as
attackers
that
just
means
there's
plenty
of
old
clusters
to
break.
A
So
everything
is
growing
and
evolving
really
rapidly
and
changing
really
rapidly,
so
as
kubernetes
evolves,
attackers
have
to
evolve
with
it,
as
the
kubernetes
project
has
implemented
more
security
over
time,
attackers
have
had
to
learn
more
about
kubernetes
to
be
effective
than
they
used
to
be.
It
used
to
be
really
easy
to
attack
kubernetes.
A
You
could
just
do
things
like
execute
commands
as
root
with
an
unauthenticated
curl
call
not
actually
kidding.
Now
you
need
a
deeper
understanding
of
the
moving
parts
on
the
high
level
and
often
the
linux
primitives
that
underlie
the
low
levels.
So
all
of
us
have
to
level
up
attackers,
defenders,
everybody
and
in
that
spirit,
let's
look
ahead.
A
bit
we'd
like
to
help
you
level
up.
A
What
does
the
landscape
look
like
coming
down
the
pike?
What
might
attackers
be
able
to
do
moving
forward
we'd
like
to
demonstrate
some
novel
attacks
to
show
you
some
examples
of
what
attacks
can
look
like
in
the
future?
What
could
a
sophisticated
attacker
who
knows
kubernetes
well
be
capable
of
we're
pretty
excited
about
these
attacks.
We
know
you
will
be
too
oh
yeah
before
we
get
into
the
demos.
Let's
get
into
an
attacker
mindset:
what
might
an
attacker
bent
on
foul
play
generally
want
to
do
in
kubernetes.
A
B
A
A
So
on
that,
let's
say
we
are
maybe
a
malicious
administrator
or
an
attacker
who
has
access
to
a
cluster
as
cluster
admin.
We
have
access
to
all
of
the
data
and
secrets
in
this
cluster
already
and
that's
pretty
cool,
but
we
only
have
those
for
right
now
and
they
might
change
over
time.
So
it
would
be
nice
to
see
it
in
real
time
and
get
the
newest
credentials
if
they
get
rolled
or
something
like
that
as
they
get
updated.
A
A
A
validating
web
hook
is
a
native
configuration
option
that
lets
a
cluster
administrator
check
with
an
external
web
service
for
whether
or
not
to
allow
a
resource
to
get
created.
If
you've
heard
of
projects
like
open
policy,
agent,
gatekeeper
or
k-rail,
all
of
these
projects
use
validating
web
hooks.
As
a
mechanism
for
enforcing
security
policy,
here's
how
it
works
when
a
user
submits
a
request
to
do
something
like
create
a
new
pod.
After
going
through
authentication
and
authorization,
it
gets
to
the
validating
admission
controllers.
A
A
B
As
an
attacker
or
a
malicious
admin,
you
might
want
a
web
hook
to
be
called
only
when
secrets
are
created
or
updated.
You
could
install
a
web
hook
like
this
filter,
only
on
secrets
and
then
send
it
to
an
attacking
system
that
just
logs
what
it
receives
so
revisiting
this
data
flow,
but
with
our
malicious
web
hook
in
line
sometime
passes
and
a
user
might
create
a
new
secret
via
the
api
server
and
we'll
assume
it
gets
accepted
by
the
first
validating
web
hook
in
steps
two
and
three
in
step.
B
Four,
the
entire
secret
gets
sent
to
the
attacker
controlled
application
via
web
request.
We
can
configure
our
malicious
application
to
simply
log
the
secret
and
always
send
an
approval
back
to
the
response
it
gets
saved
into
etcd,
then
as
normal,
but
being
good
evil
attackers.
We
don't
want
them
to
notice
if
our
custom
web
hook
service
is
ever
down.
So
we
can
tell
the
api
server
to
wait
up
to
one
second
for
our
web
service
to
respond
yes
and
then
just
fail
open
as
if
we
send
a
yes
anyway.
B
B
And,
as
you
can
see,
it's
a
validating
web
hook
configuration
resource
and
we're
pointing
it
at
the
validator
service
in
the
default
namespace
and
the
failure
policy
is
to
ignore,
which
is
the
fail
open
setting.
We
only
wait
one
second
in
case
our
application
is
ever
down
and
we
continue
on
anyway,
we've
configured
the
rules
to
trigger
only
on
create,
update
or
delete
of
secrets,
resources.
B
B
A
A
We
could
maybe
get
around
it
by
doing
various
things
that
are
kind
of
convoluted,
but
I
feel
like.
Maybe
we
could
make
it
easier
for
ourselves.
Maybe
if
we
bypass
the
api
server,
we
don't
have
to
conform
to
its
security
policy,
and
maybe
we
won't
be
logged
in
some
clusters.
You
can
schedule
pods
on
the
same
node
as
where
the
api
server
runs.
B
So
what
if
we
scheduled
a
full
copy
of
the
real
api
server
on
the
same
control,
plane
node
and
used
the
same
keys
and
network
paths
to
talk
to
etcd
that
the
real
control
plane
has,
but
instead
of
logging
activities
or
blocking
anything
we
just
have
it
set
to
allow
full
access
as
an
attacker.
That's
pretty
handy
right
keeps
the
logs
of
the
api
server
clean
the
real
one
and
maintains
a
persistent
access
channel
to
the
underlying
state
of
the
cluster,
where
all
the
loot
is
kept.
B
So
we've
already
made
an
exact
copy
of
the
current
api
server
configuration
and
we've
made
a
few
key
changes.
So,
let's
take
a
look,
we'll
call
your
attention
to
us.
Setting
anonymous
auth
equals
true
and
authorization
mode
to
always
allow
this
effectively
disables
authentication
and
authorization
in
the
api
server,
and
we
set
the
insecure
port,
meaning
the
plain
http
service
listing
on
port
443.
B
A
B
A
A
You
can
also
command
and
control
the
server
that
you're
attacking
from
your
c2
infrastructure
and
red
teamers.
Have
you
know
given
talks
about
how
you
can
set
up
your
command
and
control
infrastructure
on
kubernetes,
basically
teaching
each
other?
How
to
deploy
things?
That's
pretty
cool,
but
that's
not
what
I
mean
here.
A
We
could
maybe
do
this
by
installing
an
agent
on
all
cluster
nodes
that
joined
them
to
an
external
cluster
that
we
control.
They
would
still
be
a
part
of
their
own
cluster
and
otherwise
behave
normally.
So
probably
an
admin
wouldn't
notice,
but
they'd
also
just
happen
to
be
a
part
of
our
cluster
too.
A
A
We
can
build
it
using
kubernetes
itself.
We
could
build
it
using
k3s.
What
is
k3s
and
why
did
we
pick
k3s
to
deploy
our
c2
with
kcs
is
smaller
and
simpler
than
a
regular
kubernetes
distribution.
It's
designed
to
be
lightweight
for
resource
constrained
environments
such
as
internet
of
things
and
k3s's
requirements
reflect
that
k3s
has
different
network
requirements
than
regular
kubernetes,
which
are
advantages
for
the
purposes
of
rc2.
A
Most
importantly,
it
only
requires
a
single
tls
connection,
outbound
from
knowns
to
the
control
plane,
which
is
very
likely
to
be
available
and
also
likely
to
blend
in
with
valid
traffic.
So
it
might
not
be
noticed.
K3S
has
nearly
all
of
the
same
moving
parts
as
a
full
version
of
kubernetes
on
the
right
here
in
this
slide
is
the
simplified
visual
of
the
k3s
control,
plane,
components
in
green
and
the
k3s
nodes
in
red
that
we'll
overlay
into
the
next
slide
on
the
left
of
this
slide
is
a
kubernetes
architecture
diagram
in
a
normal
cluster.
B
The
end
result
would
look
kind
of
like
this.
A
couple
really
cool
things
that
happened
with
this
approach.
The
k3s
agents
have
full
access
to
the
real
hosts
file
system,
so
we
can
grab
anything
we
want
directly
from
all
the
nodes.
The
best
part
is
the
original
cluster
continues
to
be
fully
operational.
We
didn't
break
anything
that
the
admins
might
even
notice
the
next
time
they
run
code
control,
get
pods
on
their
cluster.
They
won't
see
any
k3s
pods
and
they
won't
see
any
logs
of
us
hitting
their
api
server.
B
B
B
B
If
we
need
to
and
then
we're
running
directly
via
docker
run
in
the
background,
the
k3s
agent
and
we're
supplying
the
privileged
flag
and
the
auto
join
credentials
so
that
it
knows
how
to
phone
home
to
our
k3s
control
plane
automatically
and
we're
mounting
the
root
file
system
on
the
underlying
node
in
slash
root,
fs
and
we're
just
throwing
in
some
tolerations
here.
To
make
sure
we
get
scheduled
on
any
node.
That
is
in
a
cluster.
B
B
B
B
A
A
B
B
A
That
was
pretty
sweet
yeah.
As
far
as
we
know.
No
one
has
ever
done
anything
like
this
before
we
think
it's
a
good
example
of
what
cloud
native
attacks
can
look
like
in
the
future
from
sophisticated
attackers
who
understand
kubernetes
at
a
deep
level
know
how
to
use
it
and
have
the
mindset
of
someone
who
can
figure
out
how
to
misuse
it.
A
The
first
one
we
wanted
to
point
out
is
a
brand
new
one,
as
of
kubernetes
1.19
coupe
ctrl
run
now
has
a
privileged
flag.
It's
like
docker's
privileged
flag
as
penetration
testers
who
work
in
container
environments.
We
know
that
setting
your
docker
runs
to
privileged
means
that
basically
you're
giving
us
a
very
short
and
easy
day.
B
In
previous
versions,
kubernetes
components
were
largely
configurable
via
the
files
on
the
node's
file
system
or
via
cli
switches.
This
provided
a
natural
separation
between
configuration
in
kubernetes
versus
configuration
of
kubernetes
components,
but
it
can
introduce
friction
when
automating
widespread
configuration
changes.
So
to
help
with
this,
a
couple
of
new
feature
gates
are
available
that
can
enable
dynamic
reconfigurations
of
kubernetes
components
via
the
kubernetes
api.
B
So,
for
example,
the
dynamic
audit
logsync
configuration
can't
modify,
which
api
actions
to
audit
log,
but
it
does
control
where
those
audit
logs
should
be
sent.
So
we
can
use
this
dynamic
configuration
setting
to
send
all
kubernetes
audit
logs
to
an
application
that
we
control.
Instead,
we
can
then
filter
those
logs
and
forward
them
on
to
the
original
destination,
to
hide
just
our
malicious
log
entries
and
send
the
rest
on
and
thus
covering
our
tracks.
A
A
Wow
kubernetes
security
posture
really
has
improved
a
lot.
Remember
those
attacks.
When
we
first
started,
I
do
it
was
a
simpler
time.
One
of
the
ones
I
really
liked
was
kublet
exploit
greets
dakires
kublat
exploit
was
one
of
the
first
kubernetes
hacks.
It
was
involved
in
infamous
security
peaches.
It
could
be
easily
used
and
was
exploited
in
the
wild.
A
B
B
B
B
So
before
we
want
to
change
the
kublet's
configuration,
we
probably
want
to
get
its
current
version
and
just
tweak
it
a
little
bit.
So
let's
do
that.
Let's
pull
the
current
kubelet's
configuration
out
of
the
cluster
and
save
it
as
a
local
file.
So
we
can
edit
that
we'll
call
it
kubelet,
config,
z,
kind
worker,
and
now,
let's
modify
that.
B
Okay,
we
made
that
modification.
Next,
we
want
to
create
a
config
map.
That's
going
to
hold
this
kubelet's
configuration,
we'll
call
it
my
node
config
and
save
it
in
the
kube
system,
name
space
before
we
deploy
that.
I
just
want
to
show
you
that
we
indeed
have
the
web
hook
off.
Anonymous.
Auth
is
true,
and
the
authorization
mode
is
always
allow.
B
We
do
this
by
patching
the
node
object.
We
say
change
it
to
use
the
config
map
name,
my
node
config
in
the
cube
system-
namespace,
okay,
so
that's
set.
Now.
Let's
look
at
the
new
node
configuration
that
the
kubelet
has
taken
on.
As
you
can
see,
we've
got
the
config
source.
Is
the
config
map
that
we
just
described.
B
B
A
So
now
with
comfort
circle.
What's
old
is
new
again,
the
increasing
complexity
and
security
of
kubernetes
and
its
ecosystem
leads
to
demands
from
developers
and
administrators
for
more
simplicity
and
more
ease
of
use.
This
can
lead
to
opening
up
new
security
holes
or
perhaps
reopening
old
ones
as
attackers.
We're
really
excited
about
the
possibilities
that
we
see
in
in
the
future,
and
we
would
like
to
encourage
you,
people
who
are
maybe
developers
or
operators
or
defenders,
to
take
a
look
at
these
upcoming
features
and
the
systems
you
build
through
our
eyes.
A
You
know
how
you
would
use
it,
but
how
might
an
attacker
misuse
it
being
able
to
look
at
your
systems
and
what
you're,
building
with
the
perspective
of
an
attacker,
can
help
you
understand
and
building
what
you're
building
with
this
perspective
in
mind,
can
help
you
protect
against
it
and
make
your
systems
more
secure
overall,
because,
as
attackers,
we
promise
we're
going
to
keep
finding
ways
to
misuse
things.
We're
pretty
excited
about
this.