mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,92 @@
|
||||
# Workflows - Kubernetes Penetration Testing
|
||||
|
||||
## Workflow 1: External Kubernetes Pentest
|
||||
|
||||
```
|
||||
[Scope Definition] --> [Reconnaissance] --> [Service Discovery]
|
||||
| | |
|
||||
v v v
|
||||
Define targets DNS, OSINT, nmap 6443,8443
|
||||
Rules of engagement cloud metadata 10250,2379,30000+
|
||||
| | |
|
||||
+---------------------+--------------------+
|
||||
|
|
||||
v
|
||||
[Automated Scanning]
|
||||
kube-hunter --remote
|
||||
kubescape scan
|
||||
kube-bench (if access)
|
||||
|
|
||||
+---------+---------+
|
||||
| |
|
||||
v v
|
||||
[API Server Tests] [Kubelet Tests]
|
||||
Anonymous auth Unauthenticated access
|
||||
RBAC enumeration Command execution
|
||||
Token theft Pod listing
|
||||
| |
|
||||
+-------------------+
|
||||
|
|
||||
v
|
||||
[Exploitation]
|
||||
Deploy privileged pod
|
||||
Extract secrets
|
||||
Pivot to other namespaces
|
||||
|
|
||||
v
|
||||
[Report and Remediate]
|
||||
```
|
||||
|
||||
## Workflow 2: Internal/Assumed-Breach Testing
|
||||
|
||||
```
|
||||
Step 1: Initial Pod Access
|
||||
- Deploy test pod in target namespace
|
||||
- Collect service account token
|
||||
- Enumerate permissions: kubectl auth can-i --list
|
||||
|
||||
Step 2: Internal Reconnaissance
|
||||
- List namespaces, pods, services
|
||||
- Discover internal services via DNS
|
||||
- Check metadata endpoints (cloud IMDS)
|
||||
- Identify NetworkPolicy gaps
|
||||
|
||||
Step 3: Privilege Escalation
|
||||
- Check for wildcard RBAC roles
|
||||
- Test service account token from other pods
|
||||
- Attempt to create privileged pods
|
||||
- Check for vulnerable admission controllers
|
||||
|
||||
Step 4: Lateral Movement
|
||||
- Access services in other namespaces
|
||||
- Extract secrets and configmaps
|
||||
- Attempt container escape
|
||||
- Access cloud provider metadata
|
||||
|
||||
Step 5: Impact Assessment
|
||||
- Demonstrate data access (secrets, PVCs)
|
||||
- Show cluster-wide compromise path
|
||||
- Document attack chain
|
||||
```
|
||||
|
||||
## Workflow 3: Pentest Cleanup
|
||||
|
||||
```
|
||||
[Testing Complete]
|
||||
|
|
||||
v
|
||||
[Remove all pentest pods]
|
||||
kubectl delete pods -l purpose=pentest -A
|
||||
|
|
||||
v
|
||||
[Remove test RBAC resources]
|
||||
kubectl delete rolebinding pentest-rb
|
||||
kubectl delete serviceaccount pentest-sa
|
||||
|
|
||||
v
|
||||
[Verify cleanup]
|
||||
kubectl get all -l purpose=pentest -A
|
||||
|
|
||||
v
|
||||
[Document findings and hand off report]
|
||||
```
|
||||
Reference in New Issue
Block a user