madhuakula / kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
https://madhuakula.com/kubernetes-goat
MIT License

The total number of misconfigurations and vulnerabilities in the Kubernetes-goat environment #65

Open ijewelmas opened 2 years ago

ijewelmas commented 2 years ago

Hello,

I was interested to understand the total number of intended misconfigurations and vulnerabilities in the Kubernetes-goat environment. It will be great to have this information in order to understand which tool is able to capture the greatest number of misconfigurations/vulnerabilities.

Thanks in advance!

fadao23 commented 1 year ago

+1. I saw on "kubernetes-goat/guide/docs/security-reports/" that some reports have been updated, but without a baseline of vulnerabilities, we can't know if the tools are efficient or not.

madhuakula commented 1 year ago

Makes a lot of sense. Let me document this in a draft and share it with you all to see if I missed anything, and we can improve it over time. I will work on this this week. @fadao23 @ijewelmas, I'd appreciate any suggestions or input about the format.

za commented 1 year ago

Hi @madhuakula, maybe I can try to help. So we need to put the risk level on each of the scenarios here?

  1. Sensitive keys in codebases
  2. DIND (docker-in-docker) exploitation
  3. SSRF in the Kubernetes (K8S) world
  4. Container escape to the host system
  5. Docker CIS benchmarks analysis
  6. Kubernetes CIS benchmarks analysis
  7. Attacking private registry
  8. NodePort exposed services
  9. Helm v2 tiller to PwN the cluster - [Deprecated]
  10. Analyzing crypto miner container
  11. Kubernetes namespaces bypass
  12. Gaining environment information
  13. DoS the Memory/CPU resources
  14. Hacker container preview
  15. Hidden in layers
  16. RBAC least privileges misconfiguration
  17. KubeAudit - Audit Kubernetes clusters
  18. Falco - Runtime security monitoring & detection
  19. Popeye - A Kubernetes cluster sanitizer
  20. Secure network boundaries using NSP
  21. Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement
  22. Securing Kubernetes Clusters using Kyverno Policy Engine

or it's not like that? As each scenario might contain varied vulnerabilities & misconfigurations. CMIIW.

madhuakula commented 3 months ago

Appreciate it if you have some ideas on how we can do this, @za. Let's discuss this here before moving forward with implementation.

Basically, we need to capture the list of vulnerabilities, misconfigurations, etc., in each scenario and flag them in a testable way using tools like Checkov, KICS, Kubescape, etc. against our Kubernetes Goat project. This way, we can ensure that we can map them to the Kubernetes Goat framework list of vulnerabilities and what these tools are able to find/identify.

Finally, we can create a matrix something like https://github.com/tsale/EDR-Telemetry?tab=readme-ov-file#telemetry-comparison-table
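
The following is an added example, not part of the thread and not the project's own code. It sketches one way to turn a per-scenario baseline plus normalised scanner output into the kind of comparison matrix discussed above. The tool names (`tool_a`, `tool_b`), the finding labels and every data value are constructed placeholders, not Kubernetes Goat's real baseline or any scanner's real results.

```python
# Baseline-vs-tool coverage matrix. All names and data below are constructed.

# Hypothetical baseline: scenario -> intended findings (placeholder labels).
BASELINE = {
    "Container escape to the host system": {"privileged-container", "host-path-mount"},
    "DoS the Memory/CPU resources": {"no-resource-limits"},
    "RBAC least privileges misconfiguration": {"overbroad-role"},
}

# Constructed scanner output, already normalised to (scenario, finding) pairs.
TOOL_FINDINGS = {
    "tool_a": {("Container escape to the host system", "privileged-container"),
               ("DoS the Memory/CPU resources", "no-resource-limits"),
               ("DoS the Memory/CPU resources", "latest-image-tag")},
    "tool_b": {("Container escape to the host system", "privileged-container"),
               ("Container escape to the host system", "host-path-mount"),
               ("RBAC least privileges misconfiguration", "overbroad-role")},
}

def coverage(baseline, tool_findings):
    """Score each tool against the baseline; keep extra findings separate."""
    expected = {(s, f) for s, fs in baseline.items() for f in fs}
    report = {}
    for tool, found in tool_findings.items():
        hits = expected & found
        report[tool] = {
            "detected": hits,
            "missed": expected - found,
            # Not in the baseline: either noise or an undocumented issue.
            # Reported for triage, never counted towards recall.
            "unmapped": found - expected,
            "recall": len(hits) / len(expected) if expected else 0.0,
        }
    return report

def markdown_matrix(baseline, report):
    """Render one row per baseline finding and one column per tool."""
    tools = sorted(report)
    lines = ["| Scenario | Finding | " + " | ".join(tools) + " |",
             "|---" * (len(tools) + 2) + "|"]
    for scenario in sorted(baseline):
        for finding in sorted(baseline[scenario]):
            cells = ["yes" if (scenario, finding) in report[t]["detected"] else "no"
                     for t in tools]
            lines.append(f"| {scenario} | {finding} | " + " | ".join(cells) + " |")
    recalls = " | ".join(f"{report[t]['recall']:.0%}" for t in tools)
    lines.append("| **Recall** | | " + recalls + " |")
    return "\n".join(lines)

if __name__ == "__main__":
    print(markdown_matrix(BASELINE, coverage(BASELINE, TOOL_FINDINGS)))
```

Findings a tool reports outside the baseline land in `unmapped`, so they can be reviewed as either false positives or gaps in the baseline without inflating a tool's score.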