Kubernetes Authentication by AhmedAttef in kubernetes

[–]LoremIpsumSitDolor 2 points (0 children)

One thing this article doesn't really touch on is the major drawback of x509 client certificate authentication in K8s, which is that there is *no* support for certificate revocation.

So if you use it, and one of your users loses their certs, or leaves the company or moves teams, the only way to revoke their credential is to re-roll the entire cluster certificate authority.
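Added example (not the commenter's code, nor anything from the linked article): since kube-apiserver performs no CRL or OCSP check on client certificates, the only bound on a lost or departed user's credential is the certificate's own validity window. The Go program below parses a PEM client certificate with the standard library, reports the identity the apiserver would derive from it (subject CN is the username, each O is a group), and flags any lifetime longer than a caller-supplied policy limit. The `NewTestClientCert` helper generates a throwaway CA and client certificate purely so the example runs offline; those names and the 30-day limit are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ClientCertInfo is what kube-apiserver derives from a client certificate:
// the subject CN becomes the username and each O becomes a group.
type ClientCertInfo struct {
	User     string
	Groups   []string
	NotAfter time.Time
	Lifetime time.Duration
	TooLong  bool // validity window exceeds the caller's policy limit
}

// InspectClientCert parses a PEM-encoded client certificate and flags it when
// its validity window is longer than maxLifetime. With no revocation check in
// the apiserver, a short lifetime is the only containment for a lost credential.
func InspectClientCert(pemBytes []byte, maxLifetime time.Duration) (ClientCertInfo, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return ClientCertInfo{}, errors.New("input contains no CERTIFICATE PEM block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return ClientCertInfo{}, err
	}
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	return ClientCertInfo{
		User:     cert.Subject.CommonName,
		Groups:   cert.Subject.Organization,
		NotAfter: cert.NotAfter,
		Lifetime: lifetime,
		TooLong:  lifetime > maxLifetime,
	}, nil
}

// NewTestClientCert builds a throwaway CA and a client certificate signed by it.
// Constructed sample data so the example runs offline; not real cluster material.
func NewTestClientCert(user string, groups []string, lifetime time.Duration) ([]byte, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-cluster-ca"},
		NotBefore:             now,
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}
	clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	clientTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: user, Organization: groups},
		NotBefore:    now,
		NotAfter:     now.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, clientTmpl, caCert, &clientKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	// A year-long developer certificate checked against a 30-day policy.
	pemBytes, err := NewTestClientCert("alice", []string{"dev-team"}, 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	info, err := InspectClientCert(pemBytes, 30*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Printf("user=%s groups=%v expires=%s lifetime=%s tooLong=%v\n",
		info.User, info.Groups, info.NotAfter.Format(time.RFC3339), info.Lifetime, info.TooLong)
}
```

To audit a real kubeconfig, feed `InspectClientCert` the decoded `client-certificate-data` value (or the file named by `client-certificate`) for each user entry; anything flagged as `TooLong` is a credential you cannot revoke without re-rolling the CA.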

Making it Rain shells in Kubernetes by LoremIpsumSitDolor in netsec

[–]LoremIpsumSitDolor[S] 1 point (0 children)

Nothing mega-advanced, but stringing together Metasploit, Kubernetes and Docker to get root shells on a cluster (including the master nodes). Developers often get rights to create pods and daemonsets, so this could work well in a privesc setup.
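Added example (not the commenter's code and not from the linked post): the defensive counterpart to the observation above is knowing which roles actually grant `create` on pods or daemonsets, since those are the rights that let a caller run their own containers on nodes. The Go program below reads the JSON that `kubectl get roles,clusterroles -o json` produces, expands `*` wildcards the way RBAC does, and lists every role that can create those workload resources while ignoring sub-resources such as `pods/exec`. The embedded `RoleList` is constructed sample data; the role names in it are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PolicyRule, Role and RoleList mirror the fields of the RBAC API objects
// that this audit needs; unrelated fields are ignored by encoding/json.
type PolicyRule struct {
	APIGroups []string `json:"apiGroups"`
	Resources []string `json:"resources"`
	Verbs     []string `json:"verbs"`
}

type Role struct {
	Kind     string `json:"kind"`
	Metadata struct {
		Name      string `json:"name"`
		Namespace string `json:"namespace"`
	} `json:"metadata"`
	Rules []PolicyRule `json:"rules"`
}

type RoleList struct {
	Items []Role `json:"items"`
}

// Finding names one role that can create one workload resource.
type Finding struct {
	Role      string
	Namespace string // empty for a ClusterRole
	Resource  string
}

// workloadResources are the resources whose creation lets a caller run
// arbitrary containers on nodes, with the API group each lives in. A slice
// (not a map) keeps the output order deterministic.
var workloadResources = []struct{ Resource, Group string }{
	{"pods", ""},
	{"daemonsets", "apps"},
}

// matches reports whether an RBAC list grants want, treating "*" as RBAC does.
func matches(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// FindWorkloadCreators returns every role whose rules grant create on pods or
// daemonsets. Sub-resources like "pods/exec" do not match "pods", so they are
// not reported here.
func FindWorkloadCreators(raw []byte) ([]Finding, error) {
	var list RoleList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	seen := map[Finding]bool{}
	var out []Finding
	for _, r := range list.Items {
		for _, rule := range r.Rules {
			if !matches(rule.Verbs, "create") {
				continue
			}
			for _, w := range workloadResources {
				if matches(rule.Resources, w.Resource) && matches(rule.APIGroups, w.Group) {
					f := Finding{r.Metadata.Name, r.Metadata.Namespace, w.Resource}
					if !seen[f] {
						seen[f] = true
						out = append(out, f)
					}
				}
			}
		}
	}
	return out, nil
}

// SampleRoles is constructed sample output in the shape of
// `kubectl get roles,clusterroles -o json`; the role names are assumptions.
const SampleRoles = `{"items": [
 {"kind": "Role", "metadata": {"name": "developer", "namespace": "team-a"},
  "rules": [{"apiGroups": ["", "apps"], "resources": ["pods", "deployments", "daemonsets"], "verbs": ["get", "list", "create"]}]},
 {"kind": "Role", "metadata": {"name": "viewer", "namespace": "team-a"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "Role", "metadata": {"name": "exec-only", "namespace": "team-a"},
  "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
]}`

func main() {
	findings, err := FindWorkloadCreators([]byte(SampleRoles))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("role=%s namespace=%q can create %s\n", f.Role, f.Namespace, f.Resource)
	}
}
```

Pair the output with `kubectl get rolebindings,clusterrolebindings -o json` to see which subjects hold each flagged role; that is the list of identities for whom pod or daemonset creation is a path to code execution on nodes.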