Cybersecurity Analyst – Vulnerabilities, IoT & Kubernetes

Advens

October 2023
Lyon, France

Analysis and remediation of security flaws in cloud-native and IoT infrastructures during a CTF event.

Kubernetes Docker IoT CTF Security
Missions

Identify and exploit vulnerabilities in Kubernetes and IoT environments during a CTF organized by Advens, a leading cybersecurity company.

Challenges

Working under pressure in a competitive CTF environment, quickly analyzing unknown complex systems, and exploiting vulnerabilities within tight deadlines.

Technique

Kubernetes vulnerability exploitation (RBAC, secrets, privileged pods), IoT security analysis, use of offensive tools (nmap, metasploit, burp suite), network pivoting techniques.

Overview

Participation in the Hackvens event organized by Advens, a leading cybersecurity company in France. This CTF (Capture The Flag) event allowed me to test my offensive security skills on cloud-native and IoT infrastructures.

Event Context

Hackvens is a cybersecurity event that brings together professionals and enthusiasts to solve realistic security challenges. The goal was to identify and exploit vulnerabilities in simulated environments representing real-world cases.

Tested Environments

Kubernetes Infrastructure

I worked on several scenarios involving misconfigured Kubernetes clusters:

  • Privilege escalation via RBAC: Exploiting overly permissive permissions
  • Secret extraction: Retrieving credentials stored in Kubernetes secrets
  • Privileged pods: Using pods with elevated privileges to compromise the host node
  • Service accounts: Exploiting service accounts with excessive permissions

IoT Devices

IoT challenges included:

  • Firmware analysis to identify backdoors
  • Exploitation of unsecured protocols (MQTT, HTTP)
  • Interception and manipulation of device communications
  • Access to unprotected admin interfaces

Techniques and Tools Used

Reconnaissance and Enumeration

# Network scan with nmap
nmap -sV -sC -p- target-ip

# Kubernetes enumeration
kubectl get pods --all-namespaces
kubectl auth can-i --list

Exploitation

  • Metasploit Framework for automated exploitation
  • Burp Suite for HTTP request analysis and manipulation
  • kubectl for cluster interaction
  • Docker for image and container analysis

Post-Exploitation

Network pivoting and persistence techniques to maintain access to compromised systems.

Applied Methodology

  1. Reconnaissance: Information gathering about the target
  2. Scanning: Service and vulnerability identification
  3. Exploitation: Exploiting identified flaws
  4. Post-Exploitation: Privilege escalation and pivoting
  5. Documentation: Writing detailed reports

Lessons Learned

About Kubernetes Security

  • The importance of the principle of least privilege
  • Dangers of unsecured default configurations
  • The necessity of properly configured Network Policies
  • The importance of securing secrets and using solutions like Vault
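As an added example (not code from the original write-up), a small audit script that flags the RBAC patterns behind the escalations listed above: wildcard rules, secret reads, pod creation and privilege-escalation verbs. The two manifests are constructed samples, not material from the event.

```python
# Added example, not code from the original write-up: flag the RBAC patterns
# (wildcards, secret reads, pod creation, escalation verbs) that enabled the
# Kubernetes privilege escalations described above. Manifests are constructed.
from typing import Dict, List

ESCALATION_VERBS = {"bind", "escalate", "impersonate"}   # real RBAC verbs
READ_VERBS = {"get", "list", "watch", "*"}


def audit_rules(rules: List[Dict]) -> List[str]:
    """Return one finding per risky pattern in a Role/ClusterRole rules list."""
    findings: List[str] = []
    for rule in rules:
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            findings.append("cluster-admin equivalent: '*' verbs on '*' resources")
        elif "*" in verbs:
            findings.append(f"wildcard verbs on {sorted(resources)}")
        elif "*" in resources:
            findings.append(f"wildcard resources for verbs {sorted(verbs)}")
        if verbs & ESCALATION_VERBS:
            findings.append(f"escalation verbs {sorted(verbs & ESCALATION_VERBS)}")
        if "secrets" in resources and verbs & READ_VERBS:
            findings.append("can read secrets (credential exposure)")
        if "pods" in resources and verbs & {"create", "*"}:
            findings.append("can create pods (privileged pod / host escape unless "
                            "Pod Security admission restricts it)")
    return findings


def audit_role(manifest: Dict) -> List[str]:
    return audit_rules(manifest.get("rules", []))


# Constructed sample manifests (dicts mirroring the YAML), not from the event.
OVERLY_PERMISSIVE = {
    "kind": "ClusterRole", "metadata": {"name": "app-role"},
    "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]},
        {"apiGroups": ["rbac.authorization.k8s.io"],
         "resources": ["clusterrolebindings"], "verbs": ["bind"]},
    ],
}
LEAST_PRIVILEGE = {
    "kind": "Role", "metadata": {"name": "app-role", "namespace": "app"},
    "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get"]}],
}

if __name__ == "__main__":
    for m in (OVERLY_PERMISSIVE, LEAST_PRIVILEGE):
        print(m["metadata"]["name"], audit_role(m) or ["no findings"])
```

The same checks can be run against a live cluster by feeding it the rules of each Role and ClusterRole exported with kubectl, which is how the least-privilege lesson above turns into a repeatable control.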

About IoT

  • Many IoT devices lack basic security
  • Unencrypted protocols are still widely used
  • The importance of regular firmware updates
  • The need to segment the IoT network

Reflections

This experience confirmed that security must be built-in from design (Security by Design) rather than added as an afterthought. It also reminded me of the importance of staying humble - even systems that seem secure can have hidden flaws.

Teamwork under pressure taught me to communicate technical discoveries effectively and to prioritize tasks based on their impact.

Responsibilities

  • Analyze and remediate security vulnerabilities on Kubernetes clusters and IoT devices.
  • Actively participate in CTF (Capture The Flag) competitions to maintain cutting-edge offensive security awareness.