offsec notes
reading list
TGlist rating
0
0
TypePublic
Verification
Not verifiedTrust
Not trustedLocation
LanguageOther
Channel creation dateNov 13, 2023
Added to TGlist
Feb 10, 2025Log in to unlock more functionality.
* Complications of talking about Kubernetes security
* Managed and unmanaged Kubernetes distributions
* Areas of discussion
* Kubernetes components and ports
- Unmanaged Kubernetes
- Managed Kubernetes
* Securing Kubernetes APIs
* Kubernetes authentication principles
- Internal Kubernetes authentication methods
- Static token authentication
- Bootstrap tokens
- X.509 client certificates
- Service account tokens
* External authentication methods
- OpenID Connect (OIDC)
- Webhook token authentication
- Authenticating proxy
- Impersonating proxy
* Authentication for other Kubernetes components
- Kubelet
- Controller manager and scheduler
- Kube-proxy
- Etcd
* Kubernetes authorization principles
* Kubernetes authorization modules
- AlwaysAllow and AlwaysDeny
- Node Authorizer
- ABAC
- RBAC
- Webhook
* Authorization for other Kubernetes components
- Kubelet
- Scheduler and Controller Manager
* Admission control overview
- Internal admission controllers
- External admission controllers
* Risks of implementing external admission control
- Using admission control for pod security
* Network trust zones
* Introduction to CNI
* Managing network access in Kubernetes
* Securing the cluster network
* Conclusion
* Appendix - Setting up a demonstration environment
* Am I Testing Keycloak?
* Keycloak Version Information
* OpenID Configuration /SAML Descriptor
* Realms (Enumeration && Self-Registration Enabled)
* Client IDs
* Scopes
* Grants
* Identity Providers
* Roles
* User Email Enumeration
Reconnaissance
/realms/realm_name/)