Mission Briefing
Welcome to the Security Task Force; please have a seat!
A critical security alert was raised by the NS team (Network & Security team). They claim that an application hosted on an OpenShift cluster has been compromised today, resulting in sensitive data being leaked out to an external server. They also pointed out an unexpected login from a generic user account that is supposed to be the one used by the hacker.
The applications and operations team haven’t been able to find any security issues in the applications or the secured pipelines.
We need your help in identifying security issues on the platform. To support this, we’ve provided you with an account that has permissions similar to those associated with the one flagged by the NS team.
Your objective, as a DevSecOps expert, is to trace back the actions taken by the hacker and provide information to the security team who will then review and update our security best practices.
Use the available tools to investigate. A tool is never used twice to solve a mission.
Starting your missions
Login to the CTF Dashboard, where you’ll be able to see your mission objectives and to post your responses. Each correct answer will complete the current mission and unlock the next one.
Lab access
Login to the Openshift Web Console with RH SSO
username: {user}
password: {password}
Login to ACS with Openshift SSO integration
username: {user}
password: {password}
Login to Openshift Gitops with the local authentication provider (NOT with Openshift SSO integration)
username: {user}
password: {password}
{gitea_console_url}/gitea/customers-app.git[Source Code of the customers application^]