
Theory


Kubernetes

Kubernetes is an orchestration framework for software containers. Kubernetes provides the tools you need to run containerized applications in production and at scale. Google Kubernetes Engine (GKE) is a managed service for Kubernetes.

Cloud Computing

Principles of Cloud Computing:

  • Customers get computing resources that are on-demand and self-service.

  • Customers get access to those resources over the internet, from anywhere.

  • The provider allocates those resources to users out of a shared pool.

  • Resources are elastic - which means they're flexible, so customers can be

  • Customers pay only for what they use, or reserve as they go.

GKE Structure

  1. Cluster: A Kubernetes cluster is a set of nodes (machines) that run containerized applications managed by Kubernetes. It includes a control plane and nodes.

  2. Pod: The smallest and simplest Kubernetes object. A pod represents a single instance of a running process in a cluster and can contain one or more containers.

  3. Node: A machine (virtual or physical) in a Kubernetes cluster that runs pods. Nodes are managed by the control plane.

  4. Control Plane: The collection of processes that manage the Kubernetes cluster. This includes the API server, scheduler, controller manager, and etcd database. It is responsible for maintaining the desired state of the cluster.

  5. kubelet: An agent that runs on each node in the cluster. It ensures containers are running in a pod by communicating with the control plane.

  6. kubectl: A command-line tool for interacting with the Kubernetes API server. It allows you to deploy and manage applications on a Kubernetes cluster.

Google Computing Services List

Compute Engine, GKE, App Engine, Cloud Functions, and Cloud Run

Batch Job

In the simplest terms, a batch job is a scheduled program that is assigned to run on a computer without further user interaction. Batch jobs are often queued up during working hours, then executed during the evening or weekend when the computer is idle.

Service Accounts

Service accounts are identities that are intended for use by applications instead of people. In GKE, you interact with Kubernetes service accounts and with Identity and Access Management service accounts.

Account Impersonation

GKE Service Account Impersonation allows one Google Cloud service account to act on behalf of another service account. This is useful for granting temporary permissions and enhancing security.
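
Because impersonation grants can chain (A may act as B, and B may act as C), it is worth auditing which service accounts a principal can ultimately act as. The following is an added example, not part of the original page: the project, account names and policies are constructed sample data, and it assumes impersonation is granted through the roles/iam.serviceAccountTokenCreator role.

```python
from collections import deque

TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"

# Constructed sample: the IAM policy set on each service account, in the JSON
# shape of `gcloud iam service-accounts get-iam-policy <email> --format=json`.
POLICIES = {
    "ci-runner@demo-proj.iam.gserviceaccount.com": {"bindings": [
        {"role": TOKEN_CREATOR, "members": ["user:dev@example.com"]}]},
    "deployer@demo-proj.iam.gserviceaccount.com": {"bindings": [
        {"role": TOKEN_CREATOR,
         "members": ["serviceAccount:ci-runner@demo-proj.iam.gserviceaccount.com"]},
        {"role": "roles/viewer", "members": ["user:auditor@example.com"]}]},
    "gke-admin@demo-proj.iam.gserviceaccount.com": {"bindings": [
        {"role": TOKEN_CREATOR,
         "members": ["serviceAccount:deployer@demo-proj.iam.gserviceaccount.com"]}]},
}


def impersonation_edges(policies, roles=frozenset({TOKEN_CREATOR})):
    """Map each principal to the service accounts it may impersonate directly."""
    edges = {}
    for target, policy in policies.items():
        for binding in policy.get("bindings", []):
            if binding.get("role") in roles:
                for member in binding.get("members", []):
                    edges.setdefault(member, set()).add(target)
    return edges


def reachable_accounts(policies, principal):
    """Return {service_account: chain} for every account the principal can act
    as, following grants transitively (breadth-first, so chains are shortest)."""
    edges = impersonation_edges(policies)
    chains, queue = {}, deque([(principal, [principal])])
    while queue:
        member, path = queue.popleft()
        for target in sorted(edges.get(member, ())):
            if target not in chains:          # also guards against cycles
                chains[target] = path + [target]
                queue.append(("serviceAccount:" + target, chains[target]))
    return chains


if __name__ == "__main__":
    for sa, chain in reachable_accounts(POLICIES, "user:dev@example.com").items():
        print(sa, "<-", " -> ".join(chain))
```

A principal that holds only a direct grant on a low-privilege account but shows a chain ending at a cluster-admin account is the finding to review and trim.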