oriagmon
b95feebcba
Added a lot of active hunters, using different API Server methods to publish all relevant events from a compromised pod
2018-11-07 22:32:18 +02:00
oriagmon
eaa0d8e8e0
Added two hunters attempting to exploit authorized pod RBAC configurations
2018-11-07 22:32:17 +02:00
oriagmon
5a790b1ece
Listen on port 443 as well now.
2018-11-07 22:32:17 +02:00
ori.agmon
359b766e17
Fixed PR comment: Added proper exception handling.
...
Added logging for this hunter.
2018-11-07 22:32:17 +02:00
ori.agmon
a3b80dc92d
Improved vulnerability description for this hunter
2018-11-07 22:32:17 +02:00
ori.agmon
a3a7e33f9c
Minor changes -> removed unused imports & small fixes
2018-11-07 22:32:17 +02:00
ori.agmon
2930167d78
Added apiserver hunter, would attempt to get the service account token and access the server api with it
2018-11-07 22:32:17 +02:00
ori.agmon
369e70ad6e
Fixed the PR comments :-)
2018-11-07 22:32:17 +02:00
ori.agmon
72dfbdc34d
Fixed the PR comments :-)
2018-11-07 22:32:17 +02:00
ori.agmon
c200fcc416
Improved unauthorized access false positive on edge case (where user is running using https & 127.0.0.1 & needed certificates)
2018-11-07 22:32:17 +02:00
ori.agmon
a67e6a57c3
Added evidence to the no auth event & tested it on a vulnerable remote cluster (and it worked!)
2018-11-07 22:32:17 +02:00
ori.agmon
5d6eea72f7
Updated the todos list
2018-11-07 22:32:17 +02:00
ori.agmon
5dbcdcedb7
Added categories to all vulnerabilities
2018-11-07 22:32:17 +02:00
ori.agmon
2da03d812d
Fixed a small bug in the active hunter
2018-11-07 22:32:17 +02:00
ori.agmon
0299800cd2
Fixed a small bug in the active hunter
2018-11-07 22:32:17 +02:00
ori.agmon
730b19547b
Fixed a small bug in the active hunter & passive hunter
2018-11-07 22:32:17 +02:00
ori.agmon
1d7120bfe1
Updated the TODOS list (Only 2 left!)
2018-11-07 22:32:17 +02:00
ori.agmon
5e42246773
Added some evidence to events & deleted unused code
2018-11-07 22:32:17 +02:00
ori.agmon
40213db654
I've split the etcd hunters to hunting & discovery dirs
2018-11-07 22:32:17 +02:00
ori.agmon
9148d5273b
Added init method to the etcd active hunter
2018-11-07 22:32:17 +02:00
ori.agmon
0a4c80cb09
Solved some exception bugs & did some refactoring to code & Added event & split active & passive hunter
2018-11-07 22:32:17 +02:00
ori.agmon
e764d5f21b
Solved some exception bugs & did some refactoring to code & Added event
2018-11-07 22:32:17 +02:00
ori.agmon
09c076c6a5
Solved some exception bugs & did some refactoring to code
2018-11-07 22:32:17 +02:00
ori.agmon
10e9a63e50
Added timeout for each request.
...
Finished with some of the TODOS tasks (added logs).
Added another TODO task for this branch.
2018-11-07 22:32:17 +02:00
ori.agmon
bca2f3614c
Edited some of the etcd checking & added 2379 port checking
2018-11-07 22:32:17 +02:00
ori.agmon
242260b03e
Added some remote access to etcd checks.
2018-11-07 22:32:17 +02:00
oriagmon
590ba9d3f2
Solved spacing conflict
2018-10-21 11:57:58 +03:00
oriagmon
54da07a73e
Cleaned this branch to contain only updated secrets branch without locking
2018-10-21 11:23:30 +03:00
oriagmon
b37ebf0fee
Removed note & added parentheses to a return statement condition
2018-10-17 10:44:34 +03:00
oriagmon
568e96c2f4
merged with multi-threaded-bug
2018-10-16 17:18:36 +03:00
oriagmon
1b18825b5e
Merge branch 'solve-multi-threading-bug' into access-secrets-hunter
2018-10-16 17:16:42 +03:00
ori.agmon
1883abaa23
Updated read me for devs so the mistake won't happen again
2018-10-16 17:12:42 +03:00
ori.agmon
1e4ead93f4
Created RunningAsPodEvent
...
Throw it from hosts.py when running from pod
I was able to subscribe to the RunningAsPodEvent thanks to a rebase with the branch that fixes the circular dependencies bug (moveAzureComponentToTypes branch)
2018-10-16 17:12:42 +03:00
ori.agmon
1f01076cf6
Created RunningAsPodEvent
...
Throw it from hosts.py when running from pod
I was able to subscribe to the RunningAsPodEvent thanks to a rebase with the branch that fixes the circular dependencies bug (moveAzureComponentToTypes branch)
2018-10-16 17:12:42 +03:00
ori.agmon
08f38c623f
Had to remove the Azure component from the hunting/aks since it made a circular dependency bug!
2018-10-16 17:12:36 +03:00
ori.agmon
1f9b611237
Fixed all PR comments, just have to change the subscription now..
2018-10-16 17:12:24 +03:00
ori.agmon
eb5a0a6df2
Removed try & except & added logging
2018-10-16 17:12:24 +03:00
ori.agmon
8a8f2272ec
changed subscription
2018-10-16 17:12:24 +03:00
ori.agmon
efd2563e2a
Improved description for this hunter
2018-10-16 17:12:24 +03:00
ori.agmon
d3658f2d3d
removed the traceback after tested successfully
2018-10-16 17:12:24 +03:00
ori.agmon
5de247b0f5
changed the way I'm checking how many secrets there are at the default secrets path
2018-10-16 17:12:24 +03:00
ori.agmon
c7b1874dbb
changed the way I'm checking how many secrets there are at the default secrets path
2018-10-16 17:12:24 +03:00
ori.agmon
e66f427f92
access to secrets from within the pod hunter
2018-10-16 17:12:12 +03:00
oriagmon
086a403559
locked variables
2018-10-16 17:03:57 +03:00
oriagmon
8462eba1b1
Intending
2018-10-16 16:53:57 +03:00
oriagmon
229347e9fa
Attempting to solve the threading bug, I will do more checking to be sure it's gone
2018-10-16 16:53:07 +03:00
ori.agmon
493d7d6d38
Created RunningAsPodEvent
...
Throw it from hosts.py when running from pod
I was able to subscribe to the RunningAsPodEvent thanks to a rebase with the branch that fixes the circular dependencies bug (moveAzureComponentToTypes branch)
2018-10-14 15:24:11 +03:00
ori.agmon
4b466f61c3
Created RunningAsPodEvent
...
Throw it from hosts.py when running from pod
I was able to subscribe to the RunningAsPodEvent thanks to a rebase with the branch that fixes the circular dependencies bug (moveAzureComponentToTypes branch)
2018-10-14 15:10:14 +03:00
ori.agmon
bff5ce7558
Had to remove the Azure component from the hunting/aks since it made a circular dependency bug!
2018-10-14 15:10:14 +03:00
ori.agmon
0c6de23c65
Fixed all PR comments, just have to change the subscription now..
2018-10-14 12:00:13 +03:00