![]() ![]() Written by Russel Van Tuyl to be suitable for us. We searched for an open-source that provide that heavy lifting for a cross-platform system, and we found Merlin, Instead of creating a project for each one, we thought it could be better to make a new tool that will centralize the new tools, and this is when Kubesploit was created. We already had two open-source tools ( KubiScan and kubeletctl) related to Kubernetes, and we had an idea for more. We wanted to create an offensive tool that will meet these requirements.īut we had another reason to create such a tool. It can help the organization learn how to operate when real attacks happen, see if its other detection system works as expected and what changes should be made. When running an exploit, it will practice the organization's cyber event management, which doesn't happen when scanning for cluster issues. It is important to run the exploit to simulate a real-world attack that will be used to determine corporate resilience across the network. They might allow you to see the problem but not exploit it. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl Our Motivation ![]()
0 Comments
Leave a Reply. |