Kubernetes Hacking: From Weak Applications to Cluster Control

  • Published 23 Dec 2024

COMMENTS • 69

  • @einpseudonym7604 1 year ago +28

    Great topic, especially in this time and age very cool to see container vulnerabilities in action

  • @Quephara 1 year ago +53

    I need to buy glasses, that's probably this guy's superpower

    • @reinmarvonzweter666 1 year ago +2

      Maybe try growing a beard?

    • @the_sandman00 1 year ago +2

      Tried it. It’s not

    • @vq8gef32 1 year ago

      LooL

    • @petevenuti7355 1 year ago

      @the_sandman00 it was for me, back when I was 14..

    • @Damian04233 1 year ago +1

      Dude.. I promise you that though they are not the source of his superpower -😐 they are without a doubt, im telling you beyond likely, we're talking menswearhouse, multiplying his powers anywhere between a standard 50%, like you get from sunglasses to upwards of 2500% depending on who made the frames, if they're Luxottica, pssh¡, fuhgett abod it. I used to be an Optician, I know.

  • @janwrona9539 1 year ago +5

    Trick with --path-as-is is super cool! Currently working with containers and Kubernetes from a dev perspective, but this video brings a new point of view for me! Thanks :)

    • @ttrss 1 year ago +2

      that would have got me stuck for so longg

  • @uayew892 1 year ago +10

    Kubernetes will ignore the imagePullPolicy and will always try to pull the image if the image tag is :latest (or none, defaulting to :latest)

  • @kebien6020 1 year ago +3

    Some pro-tips for the messed up terminal.
    Try the command stty sane to see if that fixes your shell.
    At the very least you can override your PS1 with something very short to avoid being so close to the end of the screen. Something like:
    export PS1='\w\$ '
    This might even fix the text wrapping in the wrong place, which is caused by bash not knowing accurately how long the prompt text is, because of the control characters that make the prompt have colors.

  • @B44-y5i 1 year ago +12

    thanks buddy this was basically a step by step guide for discovering major vulnerability in a popular service by pure accident. got me bug bounty money :D

  • @Jim-z9j 1 month ago

    Is it normal for a kube container to have access level to create new containers?

  • @exoric7408 1 year ago

    Great video John ! As always !

  • @1_nS1d3 1 year ago

    Especially for ones interested in technologies like k8s in the security context, I can recommend the book from sparc flow "How to hack like a ghost"

  • @manonmission2010 8 months ago

    love your high quality videos

  • @pranavpatil7748 1 year ago +2

    Great video John?
    Can you let us know which machine/image/box you are using

    • @grover- 1 year ago

      Did anyone get the link to this if it's in hack the box?

  • @wolfrevokcats7890 1 year ago

    3:12 pwncat-cs is superb replacement for netcat

  • @justchecking12 1 year ago +1

    I like his style when he starts intro speaking it’s like a documentary 😂

  • @vivekmishra69 1 year ago

    Very nice tutorial, thanks for sharing. You could have also edited the grafana pod using "kubectl edit grafana pod" and made it a privileged pod and mounted a host directory instead of creating a new pod.

  • @silentkille4 1 year ago

    this guy deserves a million subs + more

  • @scorpion_lux 1 year ago

    What a fantastic video congratulations as always

  • @DEV8795 1 year ago

    bruh, love it. makes me wanna learn these stuff

  • @iCortex1 1 year ago +1

    Any plans to cover the google chrome 0 day that happened a few days ago ?

  • @topegpt 1 year ago

    Could not locate Gemfile termux metasploit, help

  • @gashone 10 months ago

    awesome, more like this

  • @raav33n 1 year ago +1

    This was super cool. What CTF is this from?

  • @medamineoueslati9719 6 months ago

    When can i find the application i want to deploy it and practice

  • @ciaobello1261 1 year ago

    wild video😂 nice, thanks john for it

  • @marco201ful 1 year ago

    You should talk about Security Blue Team, I know you helped them build their videos.

  • @tn5848 4 months ago

    Is this a CTF machine or anything else?

  • @guyhavia1730 11 months ago

    What is the ctf url?

  • @felipeozoski 1 year ago

    Another awesome video thank you very much

  • @zxc11118 1 year ago

    Excellent!

  • @klanker 1 year ago +2

    more kubernetes pls

  • @gronono 1 year ago

    Very nice video. Thanks a lot

  • @GroupFacade9264 1 year ago

    I was just thinking about this, reading my mind.

  • @marccheat121 1 year ago

    Can you share link vm or image to create this k8s lab ?

  • @networkmastro1402 1 year ago

    thanks this is good staff

  • @liudvikasstankus 1 year ago

    this is awesome

  • @somerandomwithacat750 1 year ago

    Is this a VM I can play?

  • @MP-wm9gb 1 year ago

    Is Docker now really secured OR there is still a breach which allows container breakout/escape?

  • @hack_well 1 year ago

    Thank you for your walkthrough, May God bless you 🎭

  • @vq8gef32 1 year ago

    Hi , Is this machine on HTB? Or any where that I can try it?

    • @vq8gef32 1 year ago

      I used pwncat-cs for my HTB - better experience )

  • @cheick127 1 year ago

    A really good content

  • @ReligionAndMaterialismDebunked

    Early in the comments. Nice! 2 hours ago!

  • @craigblackie2034 1 year ago

    There's a distinction between LFI and directory traversal - I don't believe what you had was LFI.

  • @localhost69 1 year ago

    nice

  • @triggerHLM 1 year ago

    Isn't this example very constructed? In case someone exposes a shell directly over a web interface the game is over anyway.

  • @bhagyalakshmi1053 1 year ago

    My my language mistake but understanding never to attending after understanding again to looking you have the never misunderstanding but health problems are also more patients also I will attend

  • @ReligionAndMaterialismDebunked

    Yeah, I've heard of this system before by a Norwegian, or whatever ethical hacker dude. :3

  • @gawaderanjeetsandipdypit3167

    This guy beats Dev-ops Engineer

  • @djmasnas 1 year ago

    There is no secure place in the world ! Relax and take it easy

  • @Hackwraghav 1 year ago

    Ed Sheeran

  • @মুহাম্মাদনায়ীম

    Many UA-cam videos I have seen. That didn't work at all...
    Professional, 100% working software suggestion for audio recovery from android internal storage is required, please.

  • @johnreinermarcos 1 year ago

    Makdkd

  • @stefanosbek 1 year ago

    Highly suggest "SteamCloud" on hack the box to those wanting to get their hands on a CTF such as the one in the video

  • @issamafifi5545 1 year ago

    I have worked for Global Cyber Security Company for more than 8 months, what I learned from your video more than what I learned from all of them 😆😆😆 thank you John >> you_are_the_best.txt

  • @elchinefa9524 1 year ago +2

    As a K8S Admin very happy to see this one. I would like to try it as well. Which CTF was it? TryHackMe?