Kubernetes LAN Party

My score: 0 pts.

Train Your Team About Leaderboard Register

choose your challenge:

Who will guard the guardians?

Where pods are being mutated by a foreign regime, one could abuse its bureaucracy and leak sensitive information from the administrative services.

Challenge value: 10 pts.

View Policy

Found an issue? Email us at research@wiz.io

With ❤️ by @nirohfeld & @shirtamari from Wiz

K8s Cheat Sheet

Get Pods: kubectl get pods
Get Secrets: kubectl get secrets
Describe Pod: kubectl describe pod <pod_name>
Login To Registry crane auth
Export filesystem of a container crane export
Get the config of an image crane config
Get Service Account kubectl get serviceaccount
Create service account token: kubectl create token [service_account]
Get AWS Identity: aws sts get-caller-identity

apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: apply-flag-to-env
  namespace: sensitive-ns
spec:
  rules:
    - name: inject-env-vars
      match:
        resources:
          kinds:
            - Pod
      mutate:
        patchStrategicMerge:
          spec:
            containers:
              - name: "*"
                env:
                  - name: FLAG
                    value: "{flag}"

null

null

choose your challenge:

Who will guard the guardians?

Hint #1

Reveal Hint?

Solve one more challenge and get a certificate!

Found an issue? Email us at research@wiz.io

With ❤️ by @nirohfeld & @shirtamari from Wiz

K8s Cheat Sheet