Kube-hunter is an open source tool written in Python for pentesting a Kubernetes cluster. This kind of testing simulates what a hacker might do when trying to attack a deployment. The code uses an observer pattern to chain together a number of hunter components, each of which explores a new step in a possible attack.
Jeff Thorne discusses the motivations behind the project and explores some interesting aspects of how the project is implemented. You’ll learn how to test for the basics like an unsecured Kubelet API, simulate an attack from within a compromised container, and reuse the credentials from within a compromised container. You’ll leave ready to test your own Kubernetes cluster with kube-hunter and with new insights into the possible routes that an attacker might take to gain a foothold in your deployment. And perhaps you’ll even be inspired to submit a new hunter to the project.
Jeff Thorne is a member of the DevRel team at Aqua Security. Previously, he was the director of technology and field engineering at Trend Micro and held various roles in the app dev and infosec community at VMware, Ooyala, and Third Brigade. He has extensive experience in hybrid cloud architectures, advanced breach detection, product management, and software engineering. Jeff is a proud Canuck and now calls Seattle home.
©2019, O'Reilly Media, Inc.