December 04, 2018 Marco Lancini Reading time ~4 minutes

Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)

On the 3rd of December 2018, a critical security vulnerability affecting Kubernetes API server has been announced. Without any surprise, this announcement got a lot of traction (especially on Twitter).

More info on CVE-2018-1002105. Recently disclosed Kubernetes vulnerability allows all users, authenticated and unauthenticated, backdoor administrative access to the API server, including the kubelet...and it can't easily be detected in logs. https://t.co/UfdCrajequ
— Ian Coldwater 👻🌿 (@IanColdwater) December 3, 2018

In this post I’ll try to dissect the information currently available.

November 18, 2018 Marco Lancini Reading time ~1 minute

Red Teaming Mind Map from The Hacker Playbook 3

In the past few weeks I’ve been reading “The Hacker Playbook 3: Red Team Edition” from Peter Kim. As the title clearly states, this version focuses on processes and techniques that can be used during a red teaming engagement. Although I’m not going to provide a review of the book here, I highly recommend it to anyone interested in the field.

While going through the book I found myself building a mindmap to link topics (which not always are presented sequentially) together, so to create a high-level methodology as suggested by Peter. In this post I want to share this mind map: I do realise this is not a complete list of all techniques/tools that can be leveraged in a campaign, but it covers what’s in “The Hacker Playbook 3”. I hope you’ll find it useful!

October 30, 2018 Marco Lancini Reading time ~7 minutes

My Arsenal of Cloud Native (Security) Tools

A while ago I posted “So I Heard You Want to Learn Kubernetes”, where I tried to demystify the perception by which Kubernetes is believed to be too hard to even get started, by walking through the journey I undertook to get the basics first, and to focus on its security aspects later.

The natural evolution was to put into practice those concepts, but I quickly realized there was a shortage of resources that gave a comprehensive overview of (offensive) security tooling for that space. As with many topics in this industry, information is often scattered and non-uniform.

@ToniBlyx, in his post “My arsenal of AWS security tools”, gave it a go. That post was indeed the starting point for this one, but I felt the need to personalize that list and to add tools not only for AWS, but also for Docker, Kubernetes, and even Git.

In this post I’ll focus on providing a curated list of tools I personally find useful, alongside a quick “usage” guide for each one of them. I’ve also released an Ansible role for those who want to quickly deploy them.

October 18, 2018 Marco Lancini Reading time ~4 minutes

Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)

On the 16th of October 2018, an important security release from libssh has been published in order to address CVE-2018-10933:

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

The bug was discovered by Peter Winter-Smith of NCC Group.

Since then, many people started debating on Twitter about causes and impact. So here I want to writeup a practical guide which explains how to find hosts (in your network) vulnerable to the libSSH Authentication Bypass, and how to exploit them to gain shell access.

September 26, 2018 Marco Lancini Reading time ~10 minutes

So I Heard You Want to Learn Kubernetes

Kubernetes is getting popular by the day, and is probably one of the hottest buzzwords of 2018.

With names like eBay, Goldman Sachs, Huawei, ING, SAP, and many others listed as corporate users, it is surely a technology which has got a consolidated place in our industry.

At the same time, Kubernetes got the infamous nomea of being hard to understand. Mostly due to rumors, but some other times it has been proven to be easy to get wrong, like experienced by the Monzo team a few months back:

I just posted a technical postmortem about @monzo's outage on Friday, if you were curious what happened 🚨 https://t.co/9AMDdY1tSP
— Oliver Beattie (@obeattie) October 30, 2017

I still remember the sense of confusion when I decided I wanted to get a better understanding of Kubernetes, as I felt like I didn’t know where to start, or what to tackle first.

In this post I will try to demystify the perception by which Kubernetes is believed to be too hard to even get started, by walking through the journey I undertook to get the basics first, and later to focus on the security aspects.

Hopefully this will help a little in your own journey to understand Kubernetes.

About

Projects

Publications

Home

Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)

Red Teaming Mind Map from The Hacker Playbook 3

My Arsenal of Cloud Native (Security) Tools

Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)

So I Heard You Want to Learn Kubernetes

About

Must Read

Offensive Infrastructure with Modern Technologies

So I Heard You Want to Learn Kubernetes

Offensive ELK: Elasticsearch for Offensive Security

Recent Articles

Currently Working On

Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)

Red Teaming Mind Map from The Hacker Playbook 3

My Arsenal of Cloud Native (Security) Tools

Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)

Tags

Twitter Feed