Hackers of India

KubeSF V1.2 - Kubernetes Security Posture Audit Suite

By Abhishek S, Ajith Prabhu on 03 Apr 2025 @ Blackhat : Arsenal

This Tool Demo covers the following tools that the speaker has contributed to or authored:
KUBESF

Abstract

KubeSF v1.2 (previously known as KubePWN), a security audit suite for K8s, is a powerful, lightweight and platform-independent security tool designed to help security professionals and administrators enhance and measure the security posture of on-prem Kubernetes clusters. Organizations are always committed to enhancing the security of their containerized applications, to mitigate potential vulnerabilities and to strengthen their overall security posture.

The KubeSF framework encompasses a range of features and solutions. One of its prominent features is that security posture auditing is done at both the pod level and the namespace level, and relevant fix recommendations are provided, which makes it easier for security professionals and administrators to assess and mitigate issues at a broader scope. Another prominent feature is that it performs static and runtime analysis with bare minimum permissions. KubeSF is capable of identifying and managing risky container capabilities, which in turn prevents potential exploits. Our framework incorporates robust mechanisms to detect kernel exploits and privilege escalation vectors within containers to safeguard against potential container breakouts and privilege escalations. It also evaluates the permissions of service account tokens, helping to ensure proper access controls and thus minimizing the potential for unauthorized access and damage to the cluster. It can also check for sensitive information in the container which, when abused, may lead to unintended consequences. Moreover, it provides granular security control auditing, allowing administrators to check, define and enforce customized security policies for pods. Furthermore, the KubeSF framework conducts thorough configuration audits of various protection mechanisms such as Seccomp, AppArmor and SELinux.

The framework boasts a user-friendly interface and an easy-to-use dashboard, which make it simple for security professionals and administrators to assess the security posture of the cluster at their fingertips. With KubeSF, one can assess the security posture of a Kubernetes cluster and follow the recommendations provided to ensure that the cluster follows industry-best security practices.

Overall, KubeSF is a Swiss Army knife for container security: it saves a lot of precious time, increases efficiency, and enables a broad-scope-driven approach that gives transparency into pod-level and namespace-level security posture, which helps in minimizing the risk of exploitation.