Light

syllogy / red-kube Goto Github PK

View Code? Open in Web Editor NEW

This project forked from lightspin-tech/red-kube

0.0 1.0 0.0 533 KB

Red Team KubeCTL Cheat Sheet

License: Apache License 2.0

red-kube's Introduction

Red Team KubeCTL Cheat Sheet

Red Kube is a red team cheat sheet based on kubectl commands. The project helps achieve the right point of view for your Kubernetes Security Posture from the attacker's perspective.

The commands are either active or passive with mapping to the MITRE ATT&CK Matrix.

Warning: You should NOT use red-kube commands on a Kubernetes cluster that you don't own!

Prerequisites:

kubectl (Ubuntu / Debian)

sudo apt-get update && sudo apt-get install -y apt-transport-https gnupg2 curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl

jq

sudo apt-get update -y
sudo apt-get install -y jq

Commands by MITRE ATT&CK Tactics

Tactic	Count
Initial Access	0
Execution	1
Persistence	0
Privilege Escalation	4
Defense Evasion	0
Credential Access	7
Discovery	14
Lateral Movement	0
Collection	0
Command and Control	1
Exfiltration	0
Impact	0

Webinars

#1 First Workshop with Lab01 and Lab02 Webinar Link

#2 Second Workshop with Lab03 and Lab04 Webinar Link

TODO

Initial Access: Find Public IPs

Defense Evasion: Delete API Audit Logs

Privilege Escalation: Using escalate verb

Collection: Dump all configmaps and env to a file

License

This repository is available under the Apache License 2.0.

red-kube's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.