audit2rbac
audit2rbac automatically generates RBAC policies from Kubernetes audit logs, enabling precise least-privilege configurations based on actual API usage.
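To make the idea behind audit-log-driven RBAC generation concrete, here is an added example written for this page (it is not audit2rbac's own source). It reads newline-delimited audit.k8s.io/v1 events, keeps the completed requests of one subject, and emits a Role per namespace plus a ClusterRole for cluster-scoped resources. The audit lines, the service account names and the `include_denied` switch are this example's own constructions.

```python
"""Derive least-privilege RBAC rules from Kubernetes audit events.

Added example for this page; not audit2rbac's code. Input is newline-
delimited JSON in the audit.k8s.io/v1 Event format that the API server
writes when an audit policy at level Metadata or higher is configured.
"""
import json
from collections import defaultdict

# Constructed subjects used only in the sample log below.
SCRAPER = "system:serviceaccount:monitoring:scraper"
OTHER = "system:serviceaccount:default:other"


def _ev(verb, ref=None, code=200, stage="ResponseComplete", user=SCRAPER, uri=None):
    """Build a minimal audit.k8s.io/v1 Event dict (constructed test data)."""
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": stage,
          "verb": verb, "user": {"username": user}}
    if ref is not None:
        ev["objectRef"] = ref
    if uri is not None:
        ev["requestURI"] = uri          # non-resource URL, no objectRef
    if stage == "ResponseComplete":
        ev["responseStatus"] = {"code": code}
    return ev


# Constructed sample log, not taken from any real cluster.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    _ev("list", {"resource": "pods", "namespace": "monitoring", "apiGroup": ""},
        stage="RequestReceived"),   # same request as the next line, logged twice
    _ev("list", {"resource": "pods", "namespace": "monitoring", "apiGroup": ""}),
    _ev("watch", {"resource": "pods", "namespace": "monitoring", "apiGroup": ""}),
    _ev("get", {"resource": "pods", "subresource": "log", "name": "api-0",
                "namespace": "monitoring", "apiGroup": ""}),
    _ev("list", {"resource": "nodes", "apiGroup": ""}),               # cluster-scoped
    _ev("list", {"resource": "secrets", "namespace": "kube-system",
                 "apiGroup": ""}, code=403),                           # denied attempt
    _ev("get", uri="/healthz"),                                        # non-resource URL
    _ev("delete", {"resource": "pods", "namespace": "default", "apiGroup": ""},
        user=OTHER),                                                   # another subject
])


def parse_events(text):
    """Parse newline-delimited JSON audit events; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def observed_permissions(events, username, include_denied=False):
    """Map (namespace, apiGroup, resource) -> set of verbs used by `username`.

    namespace is "" for cluster-scoped resources. Only ResponseComplete events
    count, so a request logged at RequestReceived too is not double-counted.
    Non-resource URLs such as /healthz carry no objectRef and are skipped.
    Responses with code >= 400 are excluded unless include_denied is set.
    """
    perms = defaultdict(set)
    for ev in events:
        if ev.get("stage") != "ResponseComplete":
            continue
        if ev.get("user", {}).get("username") != username:
            continue
        ref = ev.get("objectRef")
        if not ref or not ref.get("resource"):
            continue
        code = ev.get("responseStatus", {}).get("code", 0)
        if code >= 400 and not include_denied:
            continue
        resource = ref["resource"]
        if ref.get("subresource"):
            resource += "/" + ref["subresource"]      # e.g. pods/log
        key = (ref.get("namespace", ""), ref.get("apiGroup", ""), resource)
        perms[key].add(ev["verb"])
    return perms


def build_rbac(perms, username):
    """Turn observed permissions into Role/ClusterRole manifests (as dicts).

    One rule per (apiGroup, resource) carrying only the verbs observed;
    resources without a namespace go into a ClusterRole.
    """
    rules_by_ns = defaultdict(list)
    for (ns, group, resource), verbs in sorted(perms.items()):
        rules_by_ns[ns].append({"apiGroups": [group], "resources": [resource],
                                "verbs": sorted(verbs)})
    safe_name = username.replace(":", "-")
    manifests = []
    for ns, rules in rules_by_ns.items():
        meta = {"name": f"audit-derived-{safe_name}"}
        if ns:
            meta["namespace"] = ns
        manifests.append({"apiVersion": "rbac.authorization.k8s.io/v1",
                          "kind": "Role" if ns else "ClusterRole",
                          "metadata": meta, "rules": rules})
    return manifests


if __name__ == "__main__":
    perms = observed_permissions(parse_events(SAMPLE_AUDIT_LOG), SCRAPER)
    for manifest in build_rbac(perms, SCRAPER):
        print(json.dumps(manifest, indent=2))
```

Denied (403) requests are left out by default because they record what the subject tried, not what it needs; review them separately before deciding whether to grant them. Keeping one rule per resource makes the generated manifests easy to diff against an existing binding before anything is applied, and the missing RoleBinding/ClusterRoleBinding is deliberate: bind the generated roles to the subject only after that review.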
How attackers exploit cloud provider metadata services (IMDS) from Kubernetes pods to steal IAM credentials and escalate privileges.
How to prevent pods from accessing cloud provider metadata services (IMDS) and stealing IAM credentials in Kubernetes.
cnspec is a cloud-native security scanner from Mondoo that assesses Kubernetes clusters, containers, and infrastructure against security policies and compliance frameworks.
Exploiting Kubernetes API server vulnerabilities and how attackers gain unauthorized access.
How attackers exploit insecure or malicious sidecar containers to intercept data, escalate privileges, and persist within Kubernetes clusters.
How an attacker can break out of a container and gain control over the host system in Kubernetes.
Cosign is a container signing and verification tool used to secure container images and enforce supply chain integrity.
Learn strategies to mitigate Distributed Denial-of-Service (DDoS) attacks in Kubernetes clusters.
Deepfence ThreatMapper is a runtime vulnerability scanner that discovers threats across Kubernetes clusters, VMs, containers, and serverless environments.
How attackers exploit Kubernetes resources to exhaust system capacity, disrupt workloads, and cause service outages.
Protect CoreDNS from spoofing, cache poisoning, DNS tunneling, and unauthorized modifications to enhance Kubernetes cluster security.
Restrict and monitor outbound traffic from Kubernetes workloads to prevent data exfiltration, command-and-control communication, and unauthorized external access.
How attackers abuse kubectl debug and ephemeral containers to inject debugging tools, access process namespaces, and compromise Kubernetes workloads.
Attack scenario demonstrating how kubectl exec and attach commands can be abused to steal credentials and sensitive data from running containers.
How an exposed Kubelet API can be exploited to execute commands on nodes and compromise Kubernetes clusters.
Falco is a runtime security tool for Kubernetes that detects abnormal behavior and threats based on system call monitoring and security rules.
Step-by-step guide on generating and issuing a certificate for a Kubernetes user, including creating roles and configuring kubeconfig.
Attack scenario demonstrating how attackers extract image pull secrets to gain unauthorized access to private container registries.
How attackers exploit insecure Container Storage Interface (CSI) drivers to gain unauthorized access to persistent volumes and sensitive data.
How overly permissive Kubernetes RBAC configurations enable privilege escalation and full cluster compromise.
Understanding the risks of insecure secrets management in Kubernetes and how it can lead to sensitive data exposure.
Best practices to prevent the exposure of sensitive data in Kubernetes through secure secrets management techniques and external secret stores.
KBOM (Kubernetes Bill of Materials) Toolkit generates comprehensive inventories of Kubernetes clusters, including components, images, and configurations.
kube-psp-advisor generates Pod Security Policies and Pod Security Standards based on the actual security requirements of running workloads.
kube-scan is a Kubernetes risk assessment tool that calculates risk scores for workloads based on their security configurations and potential attack impact.
kubectl-bindrole finds all Kubernetes roles and cluster roles bound to a specified ServiceAccount, User, or Group, helping audit RBAC configurations.
kubectl-dig provides deep visibility into Kubernetes cluster activity using eBPF-based tracing, enabling real-time analysis of system calls and network traffic.
kubectl-kubesec is a kubectl plugin that scans Kubernetes resources using kubesec.io to identify security risks and provide hardening recommendations.
kubectl-who-can shows which subjects have RBAC permissions to perform specific actions on Kubernetes resources, helping identify privilege distribution.
Kubei is a Kubernetes runtime vulnerability scanner that identifies vulnerabilities in container images across your cluster in real-time.
How attackers exploit kubelet anonymous authentication to execute commands, read pod logs, and access sensitive data on Kubernetes nodes.
Overview of Kubernetes Kubelet security covering authentication, authorization, TLS, resource limits, and hardening best practices.
Comprehensive guide to Kubernetes attack vectors including container escapes, privilege escalation, RBAC exploitation, and cluster compromise techniques.
Kubernetes External Secrets Operator synchronizes secrets from external providers like AWS Secrets Manager, HashiCorp Vault, and Azure Key Vault into Kubernetes.
kubernetes-rbac-audit is an auditing tool that analyzes RBAC configurations to identify risky permissions and potential security misconfigurations.
How missing Kubernetes Network Policies enable lateral movement and data exfiltration by attackers.
How attackers exploit misconfigured Kubernetes admission controllers and insecure webhooks to bypass security policies.
netchecks validates network connectivity assumptions in Kubernetes clusters by running declarative network tests to verify policies and connectivity.
Explore how Network Policies in Kubernetes control traffic flow and enhance security.
How attackers exploit misconfigured PersistentVolumes to access sensitive data from other workloads or previously deleted pods in Kubernetes.
Learn how Kubernetes Pod Security Standards (PSS) enforce security controls for workloads and replace Pod Security Policies (PSP), which were deprecated and then removed in Kubernetes 1.25.
How attackers exploit overly privileged Kubernetes Service Accounts to gain cluster-wide access and escalate privileges.
rakkess displays an access matrix showing which Kubernetes resources a user, group, or service account can access, providing a comprehensive RBAC overview.
rback generates visual diagrams of Kubernetes RBAC configurations, making it easier to understand and audit complex permission structures.
Learn how Role-Based Access Control (RBAC) in Kubernetes manages authorization and improves security.
How to control ephemeral container and kubectl debug access through RBAC, Pod Security Standards, and admission control in Kubernetes.
How to disable kubelet anonymous authentication, configure certificate-based authentication, and implement proper authorization to protect Kubernetes nodes.
How to protect Kubernetes PersistentVolumes from unauthorized access, data exposure, and cross-namespace attacks through proper configuration and RBAC.
Best practices for protecting the Kubernetes API server against unauthorized access and exploitation.
Learn the security risks of exposing Kubernetes Dashboard publicly and how attackers exploit misconfigured dashboards for full cluster compromise.
Attack scenario demonstrating exploitation of service account tokens with excessive permissions or long lifetimes.
Learn how Kubernetes Service Accounts provide authentication for pods and how to securely configure them using RBAC.
Improve Kubernetes security by implementing mutual TLS (mTLS), zero-trust networking, and policy-based access control using service meshes like Istio, Linkerd, and Cilium.
Steampipe enables SQL-based querying of Kubernetes resources and compliance scanning using the steampipe-kubernetes plugin and compliance mod.
How attackers compromise container images, dependencies, CI/CD pipelines, and Helm charts to infiltrate Kubernetes clusters.
How attackers manipulate Kubernetes network traffic to intercept, redirect, or disrupt communication between workloads.
Overview, usage, and best practices for using Trivy to scan container images, file systems, and Kubernetes resources for vulnerabilities.
Trivy Operator provides Kubernetes-native security scanning by automatically scanning workloads for vulnerabilities, misconfigurations, secrets, and RBAC issues.
An overview of potential attack vectors in Kubernetes and strategies to mitigate security risks.
How attackers exploit unrestricted access to etcd to retrieve Kubernetes secrets and take control of the cluster.
How attackers exploit unrestricted hostPath mounts to gain access to the host filesystem and escalate privileges.
Vault Secrets Operator is HashiCorp's official Kubernetes operator for synchronizing secrets from Vault into Kubernetes Secrets.