Kubesploit – A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang

Build

To build this project, run the make command from the root folder.

Quick Build

To run quick build for Linux, you can run the following:

export PATH=$PATH:/usr/local/go/bin
go build -o agent cmd/merlinagent/main.go
go build -o server cmd/merlinserver/main.go

Mitigations

YARA rules

We created YARA rules that will help to catch Kubesploit binaries. The rules are written in the file kubesploit.yara.

Agent Recording

Every Go module loaded to the agent is being recorded inside the victim machine.

MITRE map

We created a MITRE map of the vectors attack being used by Kubesploit.

Mitigation for Modules

For every module we created, we wrote its description and how to defend from it.
We sum it up in the MITIGATION.md file.

Contributing

We welcome contributions of all kinds to this repository.
For instructions on how to get started and descriptions of our development workflows, please see our contributing guide.

Credit

We want to thank Russel Van Tuyl (@Ne0nd0g) for creating Merlin as an open-source that allowed us to build Kubesploit on top of it.
We also want to thank Traefik Labs (@traefik) for creating Go interpreter (“Yaegi”) that allowed us to run the Golang modules on a remote agent easily.

Share Your Thoughts And Feedback

For more comments, suggestions or questions, you can contact Eviatar Gerzi (@g3rzi) from CyberArk Labs or open an issue. You can find more projects developed by us at https://github.com/cyberark/.