This week's articles
Privilege Escalation in Google Cloud Platform's OS Login
Write-up which explains in detail how OS Login works and then outlines three methods of privilege escalation. The first two (via LXD and via Docker) are straightforward and use previously-known methods to abuse the OS Login implementation. The third (hijacking the metadata server) is brand new, a bit more complex, and probably the most interesting to read.
Comparison of Kubernetes managed services
A spreadsheet which compares many different features of Kubernetes managed services such as Google Kubernetes Engine (GKE), Elastic Kubernetes Service (EKS) and Azure Kubernetes (AKS).
When it's not only about a Kubernetes CVE...
When Kubernetes is deployed in a managed environment, the controller manager is run by the cloud provider, so a request to create a volume is emitted from the cloud provider's internal network. This can be exploited (CVE-2020-8555) to reach the cloud provider's internal resources and to enable several further attacks, such as dumping internal credentials and escalating privileges.