Praetorian is excited to announce the upcoming release of Konstellation, a new open-source tool that simplifies Kubernetes role-based access control (RBAC) data collection and security analysis. Join us August 10, 2023, at Black Hat Arsenal 2023 for a deeper dive on exactly what this tool can do for you.

Kubernetes RBAC is a powerful tool to manage access to resources, but its complexity increases exponentially as principals and resources grow, making it challenging to analyze the resulting data at scale. Konstellation uses graph theory to map and analyze all Kubernetes resources and RBAC permissions, which simplifies analysis of RBAC implementations for security vulnerabilities.

The Konstellation tool allows engineers to understand what actions principals are allowed to perform on resources, analyze complex relationships not visible in native Kubernetes or other tools, and find overprovisioning and privilege escalation paths. Additionally, it is configuration-driven, allowing for quick adaptation to different environments, configurations, and analysis needs.

The tool features three primary modes: enumeration, data ingestion, and querying. The enumeration mode connects directly to a Kubernetes cluster, enumerates each resource type returned by the API server, and writes the results to files in JSON format. Alternatively, Konstellation can ingest kubectl JSON output.

Konstellation is schema-less and uses structured output from enumeration to determine data structures. Every resource instance and its attributes map into a Neo4j node with node properties. Users can query all enumerated resource data from the schema without data loss. After ingesting the resource instances, Konstellation maps relationships using Neo4j cypher queries defined in its configuration.

Query mode allows for rapid data analysis. Konstellation ships with 40+ queries that look for privilege escalation paths and known vulnerable configurations. Users also can perform ad-hoc queries through command line or directly in Neo4j.

Analyzing Kubernetes RBAC weaknesses at scale can be daunting, but the Konstellation tool offers a clear overview of RBAC implementations and simplifies the process of identifying security vulnerabilities. Releasing on August 10, 2023.