KubeCon EU 2024 CTF Writeup

Once again, ControlPlane are running a Kubernetes CTF at KubeCon EU 2024. As always, I enjoy taking part in these because they make some really good challenges. There were three challenges as usual, and this post goes over how I approached each of them.

KubeCon NA 2023 CTF Writeup

Following on shortly from the EKS Cluster Games was KubeCon NA 2023. As is tradition, ControlPlane ran an absolutely amazing CTF that covered a number of areas of Kubernetes security, from container breakouts to manipulating network policies. So of course, as always, I took part. This post goes over the three scenarios they had and how I approached them, from what I remember at least.

Data Exfiltration through VPC Endpoints

I commonly see VPCs that are deliberately cut off from the public internet in order to create a “private” network. This is typically done to reduce the attack surface of the network and so aid its security: for example, making it harder to establish Command and Control (C2) channels, reducing public exposure of sensitive endpoints, preventing data exfiltration, and so on. It is also quite simple to do; just don’t deploy resources such as an Internet Gateway.

Creating Constrained Certificate Authorities

For our home labs, we have a number of internal systems between the two of us, including a number of web services. Originally, these were accessed over plaintext HTTP connections, or by clicking through certificate trust errors on HTTPS connections. However, we wanted to create a more secure setup. The problem was finding a way to do that without the shared CA infrastructure opening security holes elsewhere.