GitBook: [#3014] No subject
This commit is contained in:
parent
fa5fe01ebc
commit
b619d13e25
14
SUMMARY.md
14
SUMMARY.md
|
@ -513,21 +513,21 @@
|
|||
* [Github Security](cloud-security/github-security/README.md)
|
||||
* [Basic Github Information](cloud-security/github-security/basic-github-information.md)
|
||||
* [Kubernetes Security](pentesting/pentesting-kubernetes/README.md)
|
||||
* [Kubernetes Basics](pentesting/pentesting-kubernetes/kubernetes-basics.md)
|
||||
* [Pentesting Kubernetes Services](pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md)
|
||||
* [Exposing Services in Kubernetes](pentesting/pentesting-kubernetes/exposing-services-in-kubernetes.md)
|
||||
* [Attacking Kubernetes from inside a Pod](pentesting/pentesting-kubernetes/attacking-kubernetes-from-inside-a-pod.md)
|
||||
* [Kubernetes Enumeration](cloud-security/pentesting-kubernetes/kubernetes-enumeration.md)
|
||||
* [Kubernetes Role-Based Access Control (RBAC)](pentesting/pentesting-kubernetes/kubernetes-role-based-access-control-rbac.md)
|
||||
* [Abusing Roles/ClusterRoles in Kubernetes](cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/README.md)
|
||||
* [K8s Roles Abuse Lab](cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/k8s-roles-abuse-lab.md)
|
||||
* [Pod Escape Privileges](cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/pod-escape-privileges.md)
|
||||
* [Pentesting Kubernetes Services](pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md)
|
||||
* [Kubernetes Role-Based Access Control (RBAC)](pentesting/pentesting-kubernetes/kubernetes-role-based-access-control-rbac.md)
|
||||
* [Attacking Kubernetes from inside a Pod](pentesting/pentesting-kubernetes/attacking-kubernetes-from-inside-a-pod.md)
|
||||
* [Kubernetes Basics](pentesting/pentesting-kubernetes/kubernetes-basics.md)
|
||||
* [Exposing Services in Kubernetes](pentesting/pentesting-kubernetes/exposing-services-in-kubernetes.md)
|
||||
* [Kubernetes Namespace Escalation](cloud-security/pentesting-kubernetes/namespace-escalation.md)
|
||||
* [Kubernetes Access to other Clouds](cloud-security/pentesting-kubernetes/kubernetes-access-to-other-clouds.md)
|
||||
* [Kubernetes Hardening](pentesting/pentesting-kubernetes/kubernetes-hardening/README.md)
|
||||
* [Monitoring with Falco](pentesting/pentesting-kubernetes/kubernetes-hardening/monitoring-with-falco.md)
|
||||
* [Kubernetes SecurityContext(s)](pentesting/pentesting-kubernetes/kubernetes-hardening/kubernetes-securitycontext-s.md)
|
||||
* [Kubernetes NetworkPolicies](pentesting/pentesting-kubernetes/kubernetes-hardening/kubernetes-networkpolicies.md)
|
||||
* [Kubernetes Access to other Clouds](cloud-security/pentesting-kubernetes/kubernetes-access-to-other-clouds.md)
|
||||
* [Namespace Escalation](cloud-security/pentesting-kubernetes/namespace-escalation.md)
|
||||
* [Cloud Security Review](cloud-security/cloud-security-review.md)
|
||||
* [AWS Security](cloud-security/aws-security.md)
|
||||
|
||||
|
|
|
@ -483,6 +483,18 @@ There is a gcloud API endpoint that aims to **list all the resources the accessi
|
|||
[gcp-persistance.md](gcp-persistance.md)
|
||||
{% endcontent-ref %}
|
||||
|
||||
## Capture gcloud, gsutil... network
|
||||
|
||||
```bash
|
||||
gcloud config set proxy/address 127.0.0.1
|
||||
gcloud config set proxy/port 8080
|
||||
gcloud config set proxy/type http
|
||||
gcloud config set auth/disable_ssl_validation True
|
||||
|
||||
# If you don't want to completely disable ssl_validation use:
|
||||
gcloud config set core/custom_ca_certs_file cert.pem
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
* [https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/](https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/)
|
||||
|
|
|
@ -52,7 +52,9 @@ Another important details about enumeration and Kubernetes permissions abuse is
|
|||
|
||||
If you have compromised a namespace you can potentially escape to other namespaces with more interesting permissions/resources:
|
||||
|
||||
|
||||
{% content-ref url="../../cloud-security/pentesting-kubernetes/namespace-escalation.md" %}
|
||||
[namespace-escalation.md](../../cloud-security/pentesting-kubernetes/namespace-escalation.md)
|
||||
{% endcontent-ref %}
|
||||
|
||||
### From Kubernetes to the Cloud
|
||||
|
||||
|
|
Loading…
Reference in New Issue