mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-25 12:20:18 +00:00
.. | ||
CIS_Kubernetes_Benchmark_v1.6.0.pdf | ||
CTR_Kubernetes_Hardening_Guidance_1.1_20220315.PDF | ||
Kubernetes Goat.pdf | ||
README.md |
Kubernetes Security Resources
Resources from k8s, Cloud Native Foundation, and Others
- Kubernetes.io
- Kubernetes GitHub
- NSA Kubernetes Hardening Guidance
- Kubernetes Security and Disclosure Information
- Cloud Native Security
- Pod Security Standards
- CNCF SIG Security
- CNCF SIG Security Meeting Notes
- CNCF SIG Security Mailing List
- Kubernetes SIG Security
- Kubernetes SIG ecurity Meeting Notes
- Kubernetes SIG Auth (Authorization, Authentication, and Cluster Security Policy)
- Kubernetes Security Audit 2019 Results
- Kubernetes Security Audit 2021 RFP
Multiple Conference Presentations
- Compromising Kubernetes Cluster by Exploiting RBAC Permissions - Eviatar Gerzi, CyberArk (RSA 2020)
- Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down - Carson Anderson, DOMO
- Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down - Carson Anderson, DOMO (Extended Version)
- Advanced Persistence Threats: The Future of Kubernetes Attacks (RSAC 2020)
- Kubernetes Security Best Practices - Ian Lewis, Google
- Securing Kubernetes Secrets (Cloud Next '19)
- Jay Beale - Attacking and Defending Kubernetes - DEF CON 27 Packet Hacking Village
- The State of Kubernetes Security - Liz Rice
- DIY Pen-Testing for Your Kubernetes Cluster - Liz Rice, Aqua Security
- Kubernetes Security 101: Best Practices to Secure your Cluster
Blogs and Articles
- Container Security: Examining Potential Threats to the Container Environment
- Kubernetes securityContext: Linux capabilities in Kubernetes
- 10 Kubernetes Security Context settings you should understand
- Kubesploit: A New Offensive Tool for Testing Containerized Environments
- Securing Kubernetes Clusters by Eliminating Risky Permissions
- Using Kubelet Client to Attack the Kubernetes Cluster
- Eight Ways to Create a Pod
- Risk8s Business: Risk Analysis of Kubernetes Clusters
- How to Set Up and Manage Logs with Kubernetes
- The Current State of Kubernetes Threat Modelling
- Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes
- The Basics of Keeping Kubernetes Clusters Secure
- The Basics of Keeping Kubernetes Cluster Secure: Worker Nodes and Related Components
- How to Secure Your Kubernetes Cluster
- Kubernetes Security 101: Best Practices To Secure Your Cluster
- Kubernetes Security
- Introducing Kubernetes Goat
- Threat Matrix for Kubernetes
- Open Sourcing the Kubernetes Security Audit
- Amazon EKS Best Practices Guide for Security
- Protecting Kubernetes: The Kubernetes Attack Matrix and How to Mitigate Its Threats
- Securing the 4Cs of Cloud Native
- CVE-2018-18264 Privilege escalation through Kubernetes dashboard
- Certified Kubernetes Security Specialist (CKS) exam guide
Books
- Hacking Kubernetes by Andrew Martin, Michael Hausenblas
- Learn Kubernetes Security by Kaizhe Huang and Pranjal Jumde
- Kubernetes Security by Liz Rice and Michael Hausenblas
- Container Security by Liz Rice
- Kubernetes: Up and Running, Second Edition by Brendan Burns, Joe Beda and Kelsey Hightower
- Kubernetes Patterns: Reusable Elements for Designing Cloud-Native Applications by Bilgin Ibryam & Roland Huß
Certifications
- CKAD
- CKA
- Certified Kubernetes Administrator (CKA) Course
- CKS
- Certified Kubernetes Security Specialist (CKS)
- CKSS-Certified-Kubernetes-Security-Specialist
- Certified Kubernetes Security Specialist Study Guide
- References for CKS Exam Objectives
CVEs
- Exploring container security: Vulnerability management in open-source Kubernetes
- CVE-2019-11247
- CVE-2019-11249
- CVE-2018-18264
Slides
- Communication is Key - Understanding Kubernetes Networking (KubeCon EU 2020)
- Seccomp Profiles and you: A practical guide (KubeCon EU 2020)
- Advanced Persistence Threats: The Future of Kubernetes Attacks (KubeCon EU 2020)
- Help! My Cluster Is On The Internet!
Trainings
- Secure Kubernetes
- Cloud Native Security Tutorial
- Kubernetes Security (Advanced Concepts)
- Kubernetes Goat Guide
- Katacoda Kubernetes Goat Videos
- Attacking and Auditing Docker Containers and Kubernetes Clusters
- A Cloud Guru Kubernetes Security
- SANS Cloud-Native Security Defending Containers and Kubernetes
- Tutorial: Getting Started With Cloud-Native Security - KubeCon EU 2020 - Liz Rice & Michael Hausenblas
- Control Plane Security Training
- Kubernetes Exam Simulator
- Kubernetes Security Workshop
- Linux Academy - Kubernetes Security
Repositories / Tools
Learning
- kubectl
- krew
- Bust-a-Kube
- kube-goat
- Kubernetes Goat
- Kubernetes Networking Labs for KubeCon EU 2020 Talk
- CNCF Security Audits
Attacking
Defending
- KubiScan
- Kubernetes Audit by Trail of Bits
- kubeaudit
- SecretScanner
- ThreatMapper
- falco
- kubesec
- kube-bench
- trivy
- MKIT
- kubetap
- kube-forensics
- k8s-security-dashboard
- CIS Kubernetes Benchmark - InSpec Profile
- Kube PodSecurityPolicy Advisor
- Inspektor Gadget
- Starboard
- Advocacy Site for Kubernetes RBAC
- Helm-Snyk
- Krane
- rakkess
- kubectl-who-can
- Kubernetes Security - Best Practice Guide
- External Secrets
- KubeLinter
- Open Policy Agent
- Gatekeeper
- Kyverno
Papers
- Kubernetes Security Assessment - Final Report - May 2019
- Kubernetes Security Whitepaper - June 2019
- Kubernetes Threat Model - June 2019
- Kubernetes Attack Tree
- Attacking Kubernetes - A Guide for Administrators and Penetration Testers
- CIS Kubernetes Benchmark
- Kubernetes é seguro por default ou à prova de má configuração? 🇧🇷