Kubernetes Security Village
Welcome to the Hackers Teaching Hackers (HTH) 2024 Kubernetes Security Village.
The Kubernetes Security Village explores a few of the attacker techniques covered by the Microsoft Threat Matrix for Kubernetes.
- Initial Access - Techniques used to gain a foothold inside the Kubernetes cluster
- Execution - Techniques used to execute code on the cluster
- Persistence - Techniques used to maintain long-term access to the cluster
- Privilege Escalation - Techniques used to gain a higher level of access within the cluster
- Defense Evasion - Techniques used to avoid detection by security controls
- Credential Access - Techniques used to steal credentials from the cluster
- Discovery - Techniques used to gather information about the cluster
- Lateral Movement - Techniques used to move laterally within the cluster
- Collection - Techniques used to gather data from the cluster
- Impact - Techniques used to disrupt the cluster
Prerequisites
Before you can start the Kubernetes Security Village, the following command-line interface tools must be installed on your machine.
AWS Command Line Interface
- Follow the "Installing or updating to the latest version of the AWS CLI" instructions.
- Verify the AWS CLI is installed correctly by running the following command in your Terminal:
aws --version
Expected Output
aws-cli/2.2.18 Python/3.12.7 Darwin/23.6.0 source/arm64
Kubectl Command Line Interface
- Follow the kubectl "Install Tools" instructions.
- In your Terminal, run the following command to verify the command-line tool is installed correctly before moving forward:
kubectl version --client
Expected Output
Client Version: v1.31.2
Kustomize Version: v5.4.2
Docker
- Follow the "Installing Docker Engine" instructions.
- Verify the Docker CLI is installed correctly by running the following command in your Terminal:
docker --version
Expected Output
Docker version 26.1.1, build 4cf5afa
Getting Started
Start by visiting the Kubernetes Security Village table. Your village hosts, Eric Johnson and Eric Mead, will provide you with a set of stolen AWS access keys to simulate a compromise. From there, it is up to you to gain Initial Access to the Kubernetes cluster and discover the flags hidden in the environment.