From f8d11e510ae11810caf1d4d3bfd6ac665b409784 Mon Sep 17 00:00:00 2001 From: Kevin Ward Date: Fri, 24 Nov 2023 14:30:25 +0000 Subject: [PATCH] docs: update the scenario descriptions for the README --- docs/2023-cncf-ctf-walkthroughs/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/2023-cncf-ctf-walkthroughs/README.md b/docs/2023-cncf-ctf-walkthroughs/README.md index 5068fd97..d65bf73e 100644 --- a/docs/2023-cncf-ctf-walkthroughs/README.md +++ b/docs/2023-cncf-ctf-walkthroughs/README.md @@ -12,13 +12,13 @@ The table below outlines each scenario, learning objectives, technology used and | --- | --- | --- | --- | --- | --- | --- | | [Seven Seas](seven-seas/README.md) | seven-seas | Sail the Seven Seas, find all the missing map pieces and plunder the Royal Fortune | Kubernetes Fundamentals, Container Enumeration and Exploitation | Kubernetes Secrets, Container Images, Pod Security Standards, Network Policy, Pod Logs, Service Accounts and RBAC, Sidecar Containers | Easy | 2 | | [Commandeer Container](commandeer-container/README.md) | commandeer-container | Use Kubernetes to Smuggle aboard and find the hidden treasure | Accessing Containers without `kubectl exec` | Kubernetes Secrets, Container Images, Service Accounts and RBAC | Easy | 1 | -| [CI Runner Next-Generation Breakout](ci-runner-ng-breakout/README.md) | ci-runner-ng-breakout | | Container breakout via containerd | Docker, Containerd | Easy | 1 | -| [PSS Misconfiguration](pss-misconfiguration/README.md) | pss-misconfiguration | | Pod Security Standards, Pod Security Admission | Pod Security Standards, Pod Security Admission | Medium | 3 | -| [Build a Backdoor](build-a-backdoor/README.md) | build-a-backdoor | | Kubernetes Ingress, Services and Network Policies | Kubernetes Ingress, Services, Network Policies, Kyverno | Medium | 2 | -| [Cease and Desist](cease-and-desist/README.md) | cease-and-desist | | Cilium Network Policies | Kubernetes Secrets, Cilium Network Policies | Medium | 2 | -| [Devious Developer Data Dump](devious-developer-data-dump/README.md) | devious-developer-data-dump | | From secret discovery in a code repository to full cluster compromise | Gitea, GitHub Action Runners, Zot, SQL Database | Complex | 2 | -| [Identity Theft](identity-theft/README.md) | identity-theft | | Realistic adversary initial access and OIDC token abuse | custom vulnerable application (pod schema validation), Dex, Kubernetes Services, Service Accounts and RBAC | Complex | 2 | -| [Coastline Cluster Attack](coastline-cluster-attack/README.md) | coastline-cluster-attack | | Leveraging ephemeral containers for initial access, service account enumeration and privilege escalation, service account token abuse, vulnerable daemonsets | Ephemeral containers, Service Accounts and RBAC, Service Account Tokens, Custom "red herring" applications, Elasticsearch, Fluentbit Daemonsets | Complex | 3 | +| [CI Runner Next-Generation Breakout](ci-runner-ng-breakout/README.md) | ci-runner-ng-breakout | An adversary has exploited CI runner and reached the underlying host. Can you find out how? | Container breakout via containerd | Docker, Containerd | Easy | 1 | +| [PSS Misconfiguration](pss-misconfiguration/README.md) | pss-misconfiguration | In the transition away from Pod Security Policy an adversary has deployed a malicious workload which resists removal. Unravel the mystery and remove the workload off the cluster | Pod Security Standards, Pod Security Admission | Pod Security Standards, Pod Security Admission | Medium | 3 | +| [Build a Backdoor](build-a-backdoor/README.md) | build-a-backdoor | Install a backdoor onto a Kubernetes cluster for Captain Hλ$ħ𝔍Ⱥ¢k to exploit | Kubernetes Ingress, Services and Network Policies | Kubernetes Ingress, Services, Network Policies, Kyverno | Medium | 2 | +| [Cease and Desist](cease-and-desist/README.md) | cease-and-desist | Fix the reform-kube licensing server and get production running again | Cilium Network Policies | Kubernetes Secrets, Cilium Network Policies | Medium | 2 | +| [Devious Developer Data Dump](devious-developer-data-dump/README.md) | devious-developer-data-dump | Exploit a public repository to access a production environment and steal sensitive data | From secret discovery in a code repository to full cluster compromise | Gitea, GitHub Action Runners, Zot, SQL Database | Complex | 2 | +| [Identity Theft](identity-theft/README.md) | identity-theft | Exploit a public facing application, obtain a foothold on the cluster and access a secret store | Realistic adversary initial access and OIDC token abuse | custom vulnerable application (pod schema validation), Dex, Kubernetes Services, Service Accounts and RBAC | Complex | 2 | +| [Coastline Cluster Attack](coastline-cluster-attack/README.md) | coastline-cluster-attack | Pivot across multiple systems, escalate privileges and obtain full cluster compromise | Leveraging ephemeral containers for initial access, service account enumeration and privilege escalation, service account token abuse, vulnerable daemonsets | Ephemeral containers, Service Accounts and RBAC, Service Account Tokens, Custom "red herring" applications, Elasticsearch, Fluentbit Daemonsets | Complex | 3 | ### Difficulty Rating