mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
mukul975
2.7 KiB
2.7 KiB
Workflows - Kubernetes Penetration Testing
Workflow 1: External Kubernetes Pentest
[Scope Definition] --> [Reconnaissance] --> [Service Discovery]
| | |
v v v
Define targets DNS, OSINT, nmap 6443,8443
Rules of engagement cloud metadata 10250,2379,30000+
| | |
+---------------------+--------------------+
|
v
[Automated Scanning]
kube-hunter --remote
kubescape scan
kube-bench (if access)
|
+---------+---------+
| |
v v
[API Server Tests] [Kubelet Tests]
Anonymous auth Unauthenticated access
RBAC enumeration Command execution
Token theft Pod listing
| |
+-------------------+
|
v
[Exploitation]
Deploy privileged pod
Extract secrets
Pivot to other namespaces
|
v
[Report and Remediate]
Workflow 2: Internal/Assumed-Breach Testing
Step 1: Initial Pod Access
- Deploy test pod in target namespace
- Collect service account token
- Enumerate permissions: kubectl auth can-i --list
Step 2: Internal Reconnaissance
- List namespaces, pods, services
- Discover internal services via DNS
- Check metadata endpoints (cloud IMDS)
- Identify NetworkPolicy gaps
Step 3: Privilege Escalation
- Check for wildcard RBAC roles
- Test service account token from other pods
- Attempt to create privileged pods
- Check for vulnerable admission controllers
Step 4: Lateral Movement
- Access services in other namespaces
- Extract secrets and configmaps
- Attempt container escape
- Access cloud provider metadata
Step 5: Impact Assessment
- Demonstrate data access (secrets, PVCs)
- Show cluster-wide compromise path
- Document attack chain
Workflow 3: Pentest Cleanup
[Testing Complete]
|
v
[Remove all pentest pods]
kubectl delete pods -l purpose=pentest -A
|
v
[Remove test RBAC resources]
kubectl delete rolebinding pentest-rb
kubectl delete serviceaccount pentest-sa
|
v
[Verify cleanup]
kubectl get all -l purpose=pentest -A
|
v
[Document findings and hand off report]