twistlock / whoc
A container image that exfiltrates the underlying container runtime to a remote server
☆126Updated last year
Related projects: ⓘ
- ☆90Updated 4 months ago
- Correlates serviceaccounts and pods to the permissions granted to them via rolebindings and clusterrolesbindings.☆34Updated 2 years ago
- Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.☆159Updated 10 months ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆78Updated 7 months ago
- Kubernetes POC for utilizing write mount to /var/log for getting a root on the host☆89Updated 3 years ago
- A POC for DNS spoofing in kubernetes clusters. Runs with minimum capabilities, on default installations of kuberentes.☆74Updated 5 years ago
- a tool to audit the istio service mesh☆173Updated 2 years ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆84Updated 5 years ago
- Kubernetes Pwnage for all☆54Updated 3 years ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.☆49Updated 2 years ago
- Kubernetes Easter CTF☆58Updated 4 years ago
- Automated GKE Kubelet Impersonation and Cluster Secret Stealer via kube-env☆102Updated 5 years ago
- ☆24Updated 4 months ago
- Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of spec…☆227Updated 11 months ago
- ☆230Updated last week
- Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego☆331Updated 8 months ago
- Links and resources for the O'Reilly Kubernetes Security book☆98Updated 3 years ago
- A beginner-friendly CTF about Kubernetes security.☆76Updated 2 years ago
- Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.☆43Updated last year
- agent for handling seccomp descriptors for container runtimes☆41Updated 7 months ago
- Kubernetes Unhinged Shell 😎☆46Updated last year
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆64Updated 9 months ago
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.☆71Updated last year
- Runtime security plug to protect user containers☆64Updated this week
- ☆27Updated 2 months ago
- ✨🔐 CNCF Fuzzers☆111Updated this week
- CVE-2019-5736 POCs☆81Updated 4 years ago
- A repository to store Rad Fingerprinting data.☆23Updated last month
- Information about Kubernetes CVE-2020-8558, including proof of concept exploit.☆42Updated 4 years ago
- Exploit for CVE-2021-25741 vulnerability☆28Updated 2 years ago