Kubernetes

Note: this was converted from Typst to Markdown using AI assistance. The original Typst file can be found here along with the bibliography. Exercise 1: Anti Hardening Laboratory protocol Exercise 1: Anti Hardening Figure: Grouplogo Subject: ITSI Class: 4AHITN Name: Dan Eduard Leuska, Justin Tremurici, Stefan Fürst Group Name/Number: Die Goons / 1 Supervisor: ZIVK, SPAC Exercise dates: 22.09.25, 29.09.25, 06.10.25, 13.10.25 Submission date: 20.10.25 Table of Contents Summary Complete network topology of the exercise Exercise Execution Setup Architecture Connecting the Setup Using Tailscale Choosing Distros How Alpine is different from Debian Setting Up Alpine Setting Up Debian Setting Up Windows Server Setting Up the Services Setting Up PostgreSQL Database Schema Setting Up the API Setting Up the Frontend Setting Up Kubernetes Setting Up Docker Swarm Setting Up SMB Share Making the Application Insecure Authentication Bypass via JWT Parsing Authentication Bypass via HTTP Headers CSP Header Misconfiguration Hardcoding Secrets Database Listening on All Interfaces Making Windows Insecure Changing The Execution Policy Disabling Windows Defender Making Linux Insecure Disabling ASLR Writable Binaries How Tools Like Tailscale Help Harden Security References Summary This exercise is about hardening and then anti-hardening server applications and OSes, so a fictional app was created that features the requirements of having a database and a webserver. Everything was hosted on a laptop in VirtualBox with NAT networking and connected over Tailscale as will be further explained in Connecting the Setup Using Tailscale. ...