How to Hack ArgoCD to Cluster Administrator



00:00 - Kubernetes
01:07 - Background on Kubernetes and GitHub
04:05 - Demo Explanation
07:29 - Hijack
12:04 - Escape
17:55 - Foreshadowing

Comments

Real world issues, what content from these guys 🔥

randomone

This whole thing depends on already having access to GitHub first (inside job), and if you have that then ArgoCD must be set up to automatically sync changes (hopefully no sane DevOps person does that for production), then the bad pod depends on the ability to run a privileged container, which again should not be possible on a properly configured cluster. It's a basic escape from a container via mounting the host OS filesystem, something that usually works great on Docker containers but a properly set up Kubernetes would not allow. Just set a pod security admission policy :)

vladoportos

You guys are so knowledgeable, if only I had that kind of knowledge. Just hearing about Docker makes me scared stiff. I'm really afraid of messing things up. Great video as usual!

wearefiresidesessions

Great video! I'd love to have more context on how to remediate things like this in the future, maybe geared towards blue-teamers? Breaking stuff is definitely fun, but sometimes we gotta fix it too. :-p I'm also super glad you left a little troubleshooting in there! It helps set a realistic expectation of what working in tech (not just security) is like.

imoshtokill

The problem with this is, if your k8s admins do not set the PSP to deny privileged pods and deny mounting outside of a specific CSI, then you need to find a new admin, as these are k8s security 101 and those two settings alone would stop this.

crashtfa
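The fix the two comments above point at (admission control rejecting privileged pods and host filesystem mounts), as an added example that is not from the video or either commenter: a Namespace labelled with the built-in Pod Security Admission "restricted" profile, which is what the namespace ArgoCD syncs into would need, followed by the kind of Pod spec the escape relies on so the rejection can be checked. The namespace name argocd-apps and the pod name are assumptions.

```yaml
# Added example: Pod Security Admission (built into Kubernetes 1.25+)
# labels on the namespace that ArgoCD deploys into. The "restricted"
# profile rejects privileged containers and hostPath volumes, which is
# the combination the container escape in the video depends on.
# Namespace name "argocd-apps" is an assumption.
apiVersion: v1
kind: Namespace
metadata:
  name: argocd-apps
  labels:
    # enforce: the API server refuses Pods that violate the profile
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    # warn/audit: same profile, so violations also surface as
    # kubectl warnings and as annotations in the audit log
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# A Pod spec of the shape a synced manifest would need for the escape
# shown in the video (privileged container plus the host root mounted).
# With the labels above the API server refuses it with a PodSecurity
# "restricted:latest" violation that names the privileged flag and the
# hostPath volume type (alongside the profile's other checks).
apiVersion: v1
kind: Pod
metadata:
  name: host-mount-test   # assumed name
  namespace: argocd-apps
spec:
  containers:
    - name: shell
      image: busybox
      securityContext:
        privileged: true
      volumeMounts:
        - name: host
          mountPath: /host
  volumes:
    - name: host
      hostPath:
        path: /
```

`kubectl apply --dry-run=server -f pod.yaml` shows the rejection without creating anything; before enforcing on an existing namespace, `kubectl label --dry-run=server --overwrite ns argocd-apps pod-security.kubernetes.io/enforce=restricted` lists the workloads already running there that would violate the profile.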

@John Hammond is there a playlist for the series?

OleksaBaida

Nice vid... If I could suggest a similar topic... so now what is happening is telecom providers are moving towards a containerized core, probably using platforms like RHOCP. What could actually go wrong and how could the security of these applications being spun up for telco be compromised, potentially revealing a lot of user-related

karanb

Hey, as always awesome video. Do you know, by any chance, what's that autoprompt thing that Ignacio has in his console? The one that hints the whole command just when he starts writing?

Mlynus

0:16 Carlos Polop isn't the guy on the right, he's the guy in the middle xD

niffdjfm

Please do APIs. I would love to see how to hack APIs on a real webapp

katendemusa

Yo John, will u keep working with Scammer Payback? Or was that it?

demotedcder

How does Ignacio have the biggest, most professional-looking mic, yet the quality is worse than my friend's webcam-integrated mic over Discord? 0.o

ultimate