SAINTCON 2023 - Michael Cottingham - Exploiting Chef

Michael Cottingham

Discover the vulnerabilities of Chef and the ways to exploit them for penetration testing and red teaming, covering data bags, node keys, and supply chain attacks.

Key takeaways
  • Exploiting Chef involves accessing and manipulating encrypted data bags and node keys
  • Chef’s bootstrap process is vulnerable to exploitation, allowing access to sensitive data
  • Validator-less bootstrapping can be used to gain access to Chef without authentication
  • Red teaming and pen testing should focus on supply chain and process vulnerabilities, as well as exploiting misconfigured Chef instances
  • Encrypted data bags can be decrypted using private keys, allowing access to sensitive information
  • Chef’s convergence process can be manipulated to gain unauthorized access to nodes
  • Node certificates can be used to bootstrap nodes and gain access to Chef
  • Validator certificates can be used to authenticate and authorize access to Chef
  • Supply chain issues are a major concern, and organizations should prioritize securing their processes
  • Chef’s client runs every 30 minutes by default, and can be configured to run more frequently
  • Run lists can be used to manage nodes and deploy software
  • Data bags can be used to store and manage sensitive data
  • Node keys can be used to encrypt and decrypt data bags
  • Chef Workstation is a tool used to manage and deploy Chef configurations
  • Supply chain attacks can be used to gain access to sensitive information and systems
  • Encryption should be used to protect sensitive information and prevent unauthorized access
  • Validation of certificates and keys is critical to preventing unauthorized access to Chef