Accessing the Kubernetes API using captured credentials and HTTP clients

When attacking a Kubernetes cluster it is common to run into scenarios where you can obtain access to leaked Kubernetes credentials. This blog post will talk in detail about a number of different ways you can actually use those credentials to interact with the Kubernetes API, especially in scenarios where you might only have access to simple tools like wget or curl with which to make the connection.

More …

Kubernetes EKS Authentication internal workings and abuses

Wanted to do a quick follow up/addition to this previous post here where I talked about Kubernetes authentication. This time around, I’m going to talk a little about the workings of the AWS EKS authentication extension for Kubernetes, which allows you to make calls to the Kubernetes API by authenticating using AWS credentials, so you can better understand how it can be abused.

More …