-
Notifications
You must be signed in to change notification settings - Fork 2
/
aciBreakout
46 lines (46 loc) · 5.73 KB
/
aciBreakout
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
digraph {
graph [nodesep=0.2 overlap=false ranksep=0.4 splines=True]
"689d84be59424704a0158189cdee7f29" [label="Signed up to Azure" color="#03fc9d" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"689d84be59424704a0158189cdee7f29" -> f512dcfc14c6464eabc045318e1fee4c [label=Next color="#1f1f1f" fontname=Arial]
f512dcfc14c6464eabc045318e1fee4c [label="Deploy WhoC container to view runtime" color="#ff5c5c" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
f512dcfc14c6464eabc045318e1fee4c -> "6b53663b9d06461093e4b8f7bad45728" [label=Learn color="#1f1f1f" fontname=Arial]
"6b53663b9d06461093e4b8f7bad45728" [label="OLD runc version 1.0.0-r2" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"6b53663b9d06461093e4b8f7bad45728" -> "8e51060ab9f0457885cbbd44030ac14b" [label=Next color="#1f1f1f" fontname=Arial]
"8e51060ab9f0457885cbbd44030ac14b" [label="Deploy exploit container for CVE-2019-5736" color="#ff5c5c" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
"8e51060ab9f0457885cbbd44030ac14b" -> bbb01944bd6e41708ec1d15fbaac0a32 [label="" color="#1f1f1f" fontname=Arial]
bbb01944bd6e41708ec1d15fbaac0a32 [label="Reverse shell on worker node" color="#03fc9d" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
bbb01944bd6e41708ec1d15fbaac0a32 -> "51bff6cb11ba42cdb27efdf27b6c5360" [label=Learn color="#1f1f1f" fontname=Arial]
"51bff6cb11ba42cdb27efdf27b6c5360" [label="Read kubelet credentials from disk" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"51bff6cb11ba42cdb27efdf27b6c5360" -> "81f957b8242e4db79e78271e8f65dbe5" [label=Next color="#1f1f1f" fontname=Arial]
"81f957b8242e4db79e78271e8f65dbe5" [label="Call KubeAPI describe pods" color="#ff5c5c" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
"81f957b8242e4db79e78271e8f65dbe5" -> d425fdd21df746a2a0741b6d46561dfa [label=Learn color="#1f1f1f" fontname=Arial]
d425fdd21df746a2a0741b6d46561dfa [label="100+ customer pods on 120 nodes
Each customer has their own namespace" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"81f957b8242e4db79e78271e8f65dbe5" -> dac8b598bf7245e9be7cda6138aa0988 [label=Learn color="#1f1f1f" fontname=Arial]
dac8b598bf7245e9be7cda6138aa0988 [label="OLD Kubernetes versions v1.8.4, v1.9.10, v1.10.9" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
dac8b598bf7245e9be7cda6138aa0988 -> "25c9192361da4c33bc47df5782eb1cee" [label=Learn color="#1f1f1f" fontname=Arial]
"25c9192361da4c33bc47df5782eb1cee" [label="CVE-2018-1002102 kube-api follows 302 redirect" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"25c9192361da4c33bc47df5782eb1cee" -> "1cbc4146eb664fcab3387195c0a0e4ff" [label=Next color="#1f1f1f" fontname=Arial]
"1cbc4146eb664fcab3387195c0a0e4ff" [label="Attempt to redirect to kube-api pod" color="#ff5c5c" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
"1cbc4146eb664fcab3387195c0a0e4ff" -> "424e5104c76a478fb20852d151ade0bd" [label=Fail color="#1f1f1f" fontname=Arial]
"424e5104c76a478fb20852d151ade0bd" [label="ACI uses a 'bridge' POD which is not impacted by this issue" color="#5cc1ff" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
"1cbc4146eb664fcab3387195c0a0e4ff" -> "55f7d70c6f79435ca8e40ed15680248c" [label=Learn color="#1f1f1f" fontname=Arial]
"55f7d70c6f79435ca8e40ed15680248c" [label="ServiceAccount in 'AuthorizationHeader' of Exec requests" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"55f7d70c6f79435ca8e40ed15680248c" -> "2b4442634821457c84558116c3371a54" [label=Learn color="#1f1f1f" fontname=Arial]
"2b4442634821457c84558116c3371a54" [label="Decoded JWT shows this token belongs to 'bridge' service" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"2b4442634821457c84558116c3371a54" -> "9d9d602a34df49c9b6eaab5434d9e166" [label=Next color="#1f1f1f" fontname=Arial]
"9d9d602a34df49c9b6eaab5434d9e166" [label="Call SelfSubjectAccessReview with 'bridge' token" color="#ff5c5c" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
"9d9d602a34df49c9b6eaab5434d9e166" -> "06bea6172c13440fa720f16f3ec20e02" [label=Learn color="#1f1f1f" fontname=Arial]
"06bea6172c13440fa720f16f3ec20e02" [label="Cluster-wide permissions
pods/exec privilege" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"06bea6172c13440fa720f16f3ec20e02" -> "66acfa9de3e94c819ac5c16cc286a150" [label=Next color="#1f1f1f" fontname=Arial]
"66acfa9de3e94c819ac5c16cc286a150" [label="Exec into shell on kube-API" color="#ff5c5c" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
"66acfa9de3e94c819ac5c16cc286a150" -> "3eb45608f8984efda912c83c185a4232" [label="" color="#1f1f1f" fontname=Arial]
"3eb45608f8984efda912c83c185a4232" [label="Access to other tenants data" color="#03fc9d" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"81f957b8242e4db79e78271e8f65dbe5" -> "7c7794543ab14a3c8071ff73a965efb2" [label=Learn color="#1f1f1f" fontname=Arial]
"7c7794543ab14a3c8071ff73a965efb2" [label="Kubelets run with anonymous access" color="#ffdc5c" fontname=Arial margin=0.2 shape=box style="filled, rounded"]
"7c7794543ab14a3c8071ff73a965efb2" -> "546a5bf3869f43fb929912ae2de0b58b" [label=Next color="#1f1f1f" fontname=Arial]
"546a5bf3869f43fb929912ae2de0b58b" [label="Access another customer's kubelet" color="#ff5c5c" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
"546a5bf3869f43fb929912ae2de0b58b" -> "308e0ba22a3245eb886a4496dd3b5daf" [label=Fail color="#1f1f1f" fontname=Arial]
"308e0ba22a3245eb886a4496dd3b5daf" [label="Blocked by firewall" color="#5cc1ff" fontname=Arial margin=0.2 shape=plaintext style="filled, rounded"]
}