Member-only story
Penetration testing a Kubernetes environment
Searching for weaknesses in the configuration.
To read for free/Friends Link https://bobvanderstaak.medium.com/72719f9e1010?source=friends_link&sk=2fddd1540d46a67aa517b210aea1313e
In this blog, which is probably a series, I want to share some steps you can take while performing a penetration test on a Kubernetes environment. It will share some techniques and tools you can use to exploit a pod or a cluster-based environment when parts of the weak default configuration are used.
Retrieving Information
The first step, the basics. With a good foundation, we can extract lots of valuable information from a cluster. Which can help pinpoint the weakness.
For starters, there are multiple ways to retrieve information about pods inside a cluster by making use of kubectl.
The following command is probably the most used but returns a limited amount of information:
kubectl get pods -AThis command requests to retrieve all pods and the property -A specifies we want to retrieve them across all namespaces.
TIP: If you don’t have access to one of the namespaces the request will not work and the command will fail.
