awesome-cloud-native-security
awesome resources about cloud native security 🐿
https://github.com/Metarget/awesome-cloud-native-security
0 General
- OWASP Cloud-Native Application Security Top 10
- Hacking and Hardening Kubernetes Clusters by Example (KubeCon 2017)
- A Measurement Study on Linux Container Security: Attacks and Countermeasures (ACSAC 2018)
- Kubernetes Security: Operating Kubernetes Clusters and Applications Safely (Book, 2018-09-28)
- Container Security: Fundamental Technology Concepts that Protect Containerized Applications (Book, 2020-04-01)
- MITRE ATT&CK framework for container runtime security with Falco. (2019-05-10)
- Threat matrix for Kubernetes (Microsoft, 2020-04-02)
- Microsoft's Kubernetes Threat Matrix: Here's What's Missing (2020-10-26)
- MITRE ATT&CK Containers Matrix (2021-04-29)
- Containers' Security: Issues, Challenges, and Road Ahead (IEEE Access 2019)
- Sysdig 2021 Container Security and Usage Report (2021-01-01)
- CNCF Cloud Native Security Whitepaper (2021-02-17)
- Metarget: The Cloud Native Attack-and-Defense Range Is Now Open Source! (2021-05-10)
- Kubernetes Hardening Guidance (by NSA & CISA, 2021-08-03)
- Security Challenges in the Container Cloud (IEEE TPS-ISA 2021)
- Kubernetes Security Checklist and Requirements
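- 2021 Western Cloud Security Summit Held: "Cloud Security Talent Program" Launched, Tencent Cloud Security Attack and Defense Matrix Unveiled (2021-09-26)
- NSFOCUS 2018 Container Security Technical Report (2018-11)
- NSFOCUS 2020 Cloud Native Security Technical Report (2021-01)
- China's First ATT&CK Attack and Defense Matrix for Cloud Containers Released: Alibaba Cloud Helps Enterprises Put Container Security into Practice (2020-06-18)
- Best Practices: Releasing China's First K8s ATT&CK Attack and Defense Matrix (Qingteng, 2021-08-25)
- Cloud Native Security: Thoughts on Simulating Attack and Defense Based on the Container ATT&CK Matrix (2021-11-01)
- Attack and Defense in Containerized Enterprise Applications (JINQI-CON 2019)
- How Far Have You Gone Hunting Bugs in Containers? (How to Find Container Platform Bug, CodeEngn 2021)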
1 Offensive
1.1 General
1.2 Kubernetes
- Walls Within Walls: What if your attacker knows parkour? (KubeCon 2019)
- Walls Within Walls: What if Your Attacker Knows Parkour? (Video)
- k0otkit: A Universal Post-Exploitation Control Technique for K8s Clusters (CIS 2020)
- k0otkit: Hack K8s in a K8s Way (Paper)
- k0otkit: Hack K8s in a K8s Way (Video)
- Advanced Persistence Threats: The Future of Kubernetes Attacks (RSA 2020)
- Advanced Persistence Threats: The Future of Kubernetes Attacks (Video)
- Compromising Kubernetes Cluster by Exploiting RBAC Permissions (RSA 2020)
- Compromising Kubernetes Cluster by Exploiting RBAC Permissions (Video)
- Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms
- Kubernetes Privilege Escalation: Container Escape == Cluster Admin? (Video)
- Kubernetes Privilege Escalation: Container Escape == Cluster Admin? (PPT)
- Command and KubeCTL: Real-world Kubernetes Security for Pentesters (Shmoocon 2020)
- Deep Dive into Real-World Kubernetes Threats (2020-02-12)
- Using Kubelet Client to Attack the Kubernetes Cluster (2020-08-19)
- Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1 (2020-11-05)
- Attacking Kubernetes Clusters Through Your Network Plumbing: Part 2 (2021-05-17)
- Metadata service MITM allows root privilege escalation (EKS / GKE) (2021-02-28)
- New Attacks on Kubernetes via Misconfigured Argo Workflows (2021-07-20)
- Creating Malicious Admission Controllers (2021-08-09)
- Attack Cloud Native Kubernetes (HITB 2021)
- Metasploit in Kubernetes (2021-11-04)
- [Tech Recommendation] Cloud Native: Kubernetes Security (2021-12-18)
- Understanding about CVE-2017-1002101 on kubernetes (2018-03-19)
- Fixing the Subpath Volume Vulnerability in Kubernetes (2018-04-04)
- CVE-2017-1002101: Breaking Isolation to Access the Host File System
- Exploiting path traversal in kubectl cp (CVE-2018-1002100, 2018-05-04)
- CVE-2019-11246: Clean links handling in cp's tar code (2019-04-30)
- CVE-2019-11249: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (2019-08-05)
- CVE-2019-11251: kubectl cp symlink vulnerability (2020-02-03)
- The Story of the First Kubernetes Critical CVE (CVE-2018-1002105, 2018-12-04)
- Kubernetes hostPort allow services traffic interception when using kubeproxy IPVS (CVE-2019-9946, 2019-03-28)
- Non-Root Containers, Kubernetes CVE-2019-11245 and Why You Should Care (2019-08-28)
- Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558, 2020-07-27)
- Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554, 2020-12-08)
- Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554, 2020-12-21)
- Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass (2021-04-28)
- Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack (2021-05-24)
- cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)
- ExP: CVE-2017-1002101 by bgeesaman
- ExP: CVE-2021-25735 by darryk10
- etcd Unauthorized Access: Risks and Remediation Explained in Detail (2021-04-09)
- Don’t let Prometheus Steal your Fire (2021-10-12)
- The Escape Saga Returns: From CVE-2017-1002101 to CVE-2021-25741 (2021-10-12)
- Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101 (2019-03-28)
- CVE-2018-1002105 (K8s Privilege Escalation): Analysis Report on Principles and Exploitation (2018-12-08)
- CVE-2018-1002103: Remote Code Execution and Virtual Machine Escape
- When it’s not only about a Kubernetes CVE... (CVE-2020-8555, 2020-06-03)
- A Brief Discussion of Cloud Attack and Defense: The Security Challenges CVE-2020-8562 Brings to K8s (2021-10-25)
- Who Moved My core_pattern? Analysis of the CVE-2022-0811 Container Escape Vulnerability
- Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749 / Docker CVE-2020-13401 / LXD / WSL2 / …) (2021-02-28)
1.3 Container
- Abusing Privileged and Unprivileged Linux Containers (2016-06-01)
- Bypassing Docker Authz Plugin and Using Docker-Containerd for Privesc (2019-07-11)
- A Methodology for Penetration Testing Docker Systems (Bachelor Theses, 2020-01-17)
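- Penetration Testing Methods for Containers (2020-04-17)
- Working from Inside and Outside: Privilege Escalation via Container Root (2020-12-03)
- CVE-2021-21287: When Containers Collide with the Cloud, a Test of MinIO (2021-01-30)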
- New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291) (2021-04-14)
- Container escape through open_by_handle_at (shocker exploit) (2014-06-18)
- Docker breakout exploit analysis (2014-06-19)
- Dirty COW - (CVE-2016-5195) - Docker Container Escape (2017-09)
- Escaping Docker container using waitid() - CVE-2017-5123 (Video)
- A Compendium of Container Escapes (Black Hat 2019)
- In-and-out - Security of Copying to and from Live Containers (Open Source Summit 2019)
- CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host (2019-02-13)
- Escaping a Broken Container - 'namespaces' from 35C3 CTF (2019-04-15)
- An Exercise in Practical Container Escapology (2019-03-07)
- Felix Wilhelm's Twitter on the Escape Technique utilizing release_agent (2019-07-17)
- Understanding Docker container escapes (2019-07-19)
- Privileged Container Escape - Control Groups release_agent (2020-11-19)
- Kubernetes Pod Escape Using Log Mounts (2019-08-01)
- Kubelet follows symlinks as root in /var/log from the /logs server endpoint (debate on hackerone, 2021-04-02)
- Original Tweet on CVE-2019-16884 (2019-09-22)
- CVE-2019-19921: Volume mount race condition with shared mounts (2020-01-01)
- PoC: runc-masked-race.sh
- PATCH RFC 1/1 mount: universally disallow mounting over symlinks (2019-12-30)
- An Overview of Container Escape Techniques (2020-02-21)
- Escaping Virtualized Containers (Black Hat 2020)
- Research on Kata Containers Escape (2020-09-25)
- Security advisory for four vulnerabilities in Kata Containers (2020-12-04)
- CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel (2020-10-09)
- Containing a Real Vulnerability (2020-09-18)
- Technical Analysis of the Host-Mode Container Escape Vulnerability (CVE-2020-15257) (2020-12-02)
- ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again (2020-12-10)
- The Strange Case of How We Escaped the Docker Default Container (CVE-2020-27352, 2021-03-04)
- runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465, 2021-05-30)
- Analysis of the runc TOCTOU Escape CVE-2021-30465 (2021-08-18)
- [Security Insights] Docker CVE-2018-6552 (2021-06-30)
- CVE-2021-22555: Turning \x00\x00 into 10000$ (2021-07-07)
- CVE-2021-22555: Linux Kernel Privilege Escalation Leading to Docker Escape (2021-07-23)
- With Friends like eBPF, who needs enemies? (Defcon 29)
- Container Escape in 2021 (HITB 2021)
- Container Escape in 2021 (KCon 2021)
- Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784, 2021-12-06)
- Issue 2241: runc/libcontainer: insecure handling of bind mount sources
- Podman Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2023-0778)
- Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
- Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (CCS 2019)
- Analysis of DoS Attacks on Standard Input/Output Copying Between Docker Components (Journal of Network Information Security 2020)
- Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization (CCS 2021)
- PoC: Shocker by gabrtv
- ExP: CVE-2016-5195 by scumjr
- ExP: CVE-2019-5736 by Frichetten
- PoC: kube-pod-escape
- Case Analysis of Docker Container Escapes (2016-07-19)
- Escaping Docker container using waitid() – CVE-2017-5123 (2017-12-27)
- Container Escape Becomes Real: From CTF to CVE-2019-5736 (2019-11-20)
- Container Escape CVE-2020-15257: containerd-shim Exploit Development (2020-12-14)
- Escaping Docker by Exploiting Linux Kernel Vulnerabilities (2021-06-11)
- Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances (2021-09-09)
- Cloud Native Security Attack and Defense | Analysis and Practice of Container Escape Using eBPF (2021-11-03)
- Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups (Video)
1.4 Serverless
- Hacking Serverless Runtimes (Black Hat 2017)
- Hacking Serverless Runtimes (Whitepaper)
- Serverless Toolkit for Pentesters (2018-11-11)
- Serverless Red Team Infrastructure: Part 1, Web Bugs (2018-09)
- Runtime Attacks Against AWS Lambda (2020-12-02)
- How We Escaped Docker in Azure Functions (2021-01-27)
- Royal Flush: Privilege Escalation Vulnerability in Azure Functions (2021-04-08)
- Red Teams Have a New Trick: Hiding C2 Like This (2021-04-21)
- Building an Attack Front End with CDN + FaaS (2021-08-11)
1.6 Service Mesh
1.8 Windows Containers
- Well, That Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in The Hypervisor via Shadow Containers (Black Hat 2017)
- Well, That Escalated Quickly! (Whitepaper)
- What I Learned from Reverse Engineering Windows Containers (2019-12-12)
- Windows Server Containers Are Open, and Here's How You Can Break Out (2020-07-15)
- PoC by James Forshaw (the author of post *Who Contains the Containers?*)
- Who Contains the Containers? (Project Zero, 2021-04-01)
1.9 Tools
- Zero Dependency Container Penetration Toolkit (Blackhat 2021)
- CDK: Also a Awesome BugBounty Tool for Cloud Platform (WHC 2021)
- Metarget - framework providing automatic constructions of vulnerable infrastructures
- Introduction to kdigger
- kube-hunter - Hunt for security weaknesses in Kubernetes clusters
- serverless_toolkit - A collection of useful Serverless functions I use when pentesting
- kubesploit
- kubeletmein - Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers
- CDK - Zero Dependency Container Penetration Toolkit
- red-kube - Red Team K8S Adversary Emulation Based on kubectl
- whoc - A container image that extracts the underlying container runtime
- kdigger - A context discovery tool for Kubernetes penetration testing
1.7 API Gateway
2 Defensive
2.1 Standards and Benchmarks
- NIST.SP.800-190 Application Container Security Guide (2017-09-25)
- NIST.IR.8176 Security Assurance Requirements for Linux Application Container Deployments (2017-10)
- CIS Kubernetes Benchmark
- CIS Docker Benchmark
- NIST.SP.800-204 Security Strategies for Microservices-based Application Systems (2019-08)
- NIST.SP.800-204B Attribute-based Access Control for Microservices-based Applications Using a Service Mesh (2021-08)
- OWASP Container Security Verification Standard
2.2 Kubernetes
2.3 Container
2.4 Secure Container
2.5 Network
2.7 Tools
- Bypass Falco (2020-11-20)
- Detecting MITRE ATT&CK: Defense evasion techniques with Falco (2021-02-02)
- Detecting MITRE ATT&CK: Privilege escalation with Falco (2021-03-02)
- kubescape - kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA
- cnspec - cloud-native security and policy project
- docker-bench-security
- kube-bench
- KubiScan
- Falco
- Elkeid - Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture
- veinmind-tools
2.6 Practices
3 Incidents
- Lessons from the Cryptojacking Attack at Tesla (2018-02-20)
- Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub (2019-10-15)
- Detect large-scale cryptocurrency mining attack against Kubernetes clusters (2020-04-08)
- Coinminer, DDoS Bot Attack Docker Daemon Ports (2020-05-06)
- TeamTNT Group Launches Attack Campaign Against Docker Hosts, Planting Mining Trojans (2020-08-04)
- Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials (2020-08-16)
- Cetus: Cryptojacking Worm Targeting Docker Daemons (2020-08-27)
- Black-T: New Cryptojacking Variant from TeamTNT (2020-10-05)
- TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger (2020-12-18)
- Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes (2021-02-03)
- TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack (2021-05-25)
- Tracking the Activities of TeamTNT: A Closer Look at a Cloud-Focused Malicious Actor Group (2021-06)
- TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations (2021-06-04)
- TeamTNT with new campaign aka "Chimaera" (2021-09-08)
- Team TNT Deploys Malicious Docker Image On Docker Hub (2021-10-07)
- In-the-Wild Cloud Container Attack Captured Again: TeamTNT's Cybercrime Attack Methods Revealed (2021-10-20)
- Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT (2021-11-09)
- Misconfigured Kubeflow workloads are a security risk (2020-06-10)
- Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments (2021-06-07)
- NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign (2021-07-01)
- Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments (2021-07)
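- Malicious Images with Millions of Downloads Appear on Docker Hub Again: Beware of Cryptomining in Your Containers (2021-08-30)
- Misconfigured Authentication Lets Worms Move Freely In and Out of Self-Hosted K8s Clusters (2020-09-16)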
- Misconfigured Kafdrop Puts Companies’ Apache Kafka Completely Exposed (2021-12-06)