
The one where we owned a cloud platform through a free trial

Sometimes the front door is the easiest way in.

It started with a simple trial account. The kind that thousands of potential customers sign up for every day. Within hours, we had complete control of their demo environment – the same sandbox they use to showcase their platform to potential customers.

The setup

Our target was a major Platform-as-a-Service provider, offering containerized environments to businesses worldwide. Their trial account provided access to a dedicated sandbox environment – specifically configured for potential customers to test their services. Even in controlled environments, security oversights can have serious implications.

The infiltration

We crafted a specially designed Docker container that would establish a connection back to our command center. Like a digital Trojan horse, it was uploaded to Docker Hub, where it sat innocently among countless legitimate containers. Since the platform allowed pulls from external registries, our creation slipped right through their defenses.

The escalation

With our initial foothold established, we began probing deeper. Through their API, we configured our container with a privileged security context – a well-documented security risk that many organizations still overlook. Breaking free from our container’s constraints, we gained access to the underlying node.

The takeover

Each pod in their Kubernetes cluster had an associated service account token. Among those we accessed was one with permissions to request secrets across the entire cluster – including the critical kube-system namespace. Game over. We had achieved complete control over their demo environment – the same Kubernetes sandbox that potential customers use when evaluating their PaaS solution.

While our technical team was dismantling their digital defenses, we went old school. Through a simple sales demo, we obtained credentials that gave us access to their Google Workspace environment. A sobering reminder that security is only as strong as its weakest link – human or digital.

The lesson

This breach demonstrates how even sandbox environments need robust security controls. While this was discovered during our initial assessment, it highlights the importance of thorough security testing across all environments – including those designed for demonstrations and evaluations.
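
The two misconfigurations in this chain, a privileged security context and a service account that can read secrets across the whole cluster, can be checked for statically. The following is an added example, not code from the original assessment: it audits constructed sample objects shaped like `kubectl get <kind> -o json` items, and every namespace, role and account name in it is hypothetical.

```python
# Added example: static audit over constructed objects; all names are hypothetical.
def privileged_containers(pod):
    """Names of containers in a Pod that set securityContext.privileged."""
    spec, found = pod.get("spec", {}), []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            if (c.get("securityContext") or {}).get("privileged") is True:
                found.append(c["name"])
    return found

def grants_secret_read(role):
    """True if any rule allows reading all core-group secrets."""
    for rule in role.get("rules") or []:
        if rule.get("resourceNames"):  # limited to named objects, skip
            continue
        groups, res = rule.get("apiGroups") or [], rule.get("resources") or []
        verbs = set(rule.get("verbs") or [])
        if (("" in groups or "*" in groups) and ("secrets" in res or "*" in res)
                and verbs & {"get", "list", "watch", "*"}):
            return True
    return False

def cluster_wide_secret_readers(cluster_roles, cluster_role_bindings):
    """Service accounts a ClusterRoleBinding ties to a secret-reading ClusterRole."""
    risky = {r["metadata"]["name"] for r in cluster_roles if grants_secret_read(r)}
    readers = set()
    for b in cluster_role_bindings:
        if b["roleRef"]["name"] in risky:
            readers.update(f'{s["namespace"]}/{s["name"]}'
                           for s in b.get("subjects") or []
                           if s["kind"] == "ServiceAccount")
    return sorted(readers)

PODS = [  # constructed
    {"metadata": {"namespace": "trial-42", "name": "demo-app"},
     "spec": {"containers": [{"name": "app", "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "trial-43", "name": "web"},
     "spec": {"containers": [{"name": "web", "securityContext": {"privileged": False}}]}},
]
CLUSTER_ROLES = [  # constructed
    {"metadata": {"name": "platform-operator"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "pod-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]
BINDINGS = [  # constructed
    {"roleRef": {"kind": "ClusterRole", "name": "platform-operator"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "platform", "name": "operator"}]},
]
```

Only ClusterRoleBindings are inspected because a RoleBinding, even one that references a ClusterRole, grants access inside a single namespace rather than cluster-wide.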

Your demo environments might seem inconsequential. Your containers might seem isolated. Your trial accounts might seem harmless. But in the hands of a determined attacker, these assumptions become weapons – and a breach of a demo environment could reveal critical insights about your infrastructure design.

Don’t wait for the bad actors to find these vulnerabilities first. Let The Swarm show you what real attackers already know about your systems, with our simulated cyber attack services.

Swarm. Defeat. Repeat.