Fun with Caddy - SSRF Testing

Recently I’ve been looking at SSRF in Kubernetes. When testing for SSRF, I find it very useful to have a webserver/reverse proxy that I control and can configure to do a number of tasks. I’ve been using Caddy for this. In this post I’ll show you how to use Caddy to test for SSRF.

Fun with SSRF - Turning the Kubernetes API Server into a port scanner

I thought I’d start the new year with something a little fun that I’ve been looking at over the break (well for a certain definition of the word ‘fun’ :) ). Kubernetes has quite a rich API and in the various objects that you can create, some of them have URL or Service fields which, when used, cause the Kubernetes API server itself to make network requests (generally over HTTPS). Knowing this, it feels a bit like a Server-Side Request Forgery (SSRF) attack, so I wondered how possible it would be to implement something that can be used to scan for open ports on a target host from the Kubernetes API server.

Attack of the clones - Stealthy Kubernetes persistence with eathar, tòcan and teisteanas

Following on from the PCI Series I thought it’d be nice to do a bit more of an attack focused piece for a change!

PCI Compliance for Kubernetes in detail - Part 16 - Segmentation

This is the sixteenth part of a series of posts looking at the PCI recommendations for container security as they apply to Kubernetes environments. This time we’re looking at the Segmentation section. An index of the posts in this series can be found here.

PCI Compliance for Kubernetes in detail - Part 15 - Configuration Management

This is the fifteenth part of a series of posts looking at the PCI recommendations for container security as they apply to Kubernetes environments. This time we’re looking at the Configuration Management section. An index of the posts in this series can be found here.

PCI Compliance for Kubernetes in detail - Part 14 - Version Management

This is the fourteenth part of a series of posts looking at the PCI recommendations for container security as they apply to Kubernetes environments. This time we’re looking at the Version Management section. An index of the posts in this series that I’ve written so far can be found here.

PCI Compliance for Kubernetes in detail - Part 13 - Registry

This is the thirteenth part of a series of posts looking at the PCI recommendations for container security as they apply to Kubernetes environments. This time we’re looking at the “Registry” section which talks about Container Registry controls. An index of the posts in this series can be found here.

PCI Compliance for Kubernetes in detail - Part 12 - Container Image Building

This is the twelfth part of a series of posts looking at the PCI recommendations for container security as they apply to Kubernetes environments. This time we’re looking at Container Image Building. An index of the posts in this series can be found here.

PCI Compliance for Kubernetes in detail - Part 11 - Resource Management

This is the eleventh part of a series of posts looking at the PCI recommendations for container security as they apply to Kubernetes environments. This time we’re looking at Resource Management. An index of the posts in this series can be found here.

PCI Compliance for Kubernetes in detail - Part 10 - Patching

This is the tenth part of a series of posts looking at the PCI recommendations for container security as they apply to Kubernetes environments. This time we’re looking at Patching. An index of the posts in this series can be found here.