chore: updated tasks.yaml and scenario.yaml for consistency

ansible/roles/ci-runner-ng-breakout/files/challenge.txt

@@ -1,5 +1,5 @@
 During penetration testing of a client kubernetes cluster, a vulnerability in a pod has been noticed.
 
-The pod is part of the CI/CD build infrastructure and you are concerned that a compromised runner may lead to compromsied VMs.
+The pod is part of the CI/CD build infrastructure and you are concerned that a compromised runner may lead to compromised VMs.
 
 Verify the vulnerability by breaking out of the CI runner pod.

ansible/roles/devious-developer-data-dump/files/challenge.txt

@@ -9,7 +9,7 @@
     | [_][_] [__][_][__][_____________________][__][_][_] [_][_][_] [____][_][_| |
     |____________________________________________________________________________|
 
-Captain Hλ$ħ𝔍Ⱥ¢k is targetting a distribution company called Rescue Drop as it holds Personal Identifiable Information (PII)
+Captain Hλ$ħ𝔍Ⱥ¢k is targeting a distribution company called Rescue Drop as it holds Personal Identifiable Information (PII)
 
 The Rescue Drop application is not accessible publicly but is open source!
 

docs/2023-cncf-ctf-walkthroughs/README.md

@@ -11,13 +11,13 @@ The table below outlines each scenario, learning objectives, technology used and
 | Scenario | Scenario ID | Scenario Description | Learning Objective | Technology Used | Difficulty | No of Flags |
 | --- | --- | --- | --- | --- | --- | --- |
 | [Seven Seas](seven-seas/README.md) | seven-seas | Sail the Seven Seas, find all the missing map pieces and plunder the Royal Fortune | Kubernetes Fundamentals, Container Enumeration and Exploitation | Kubernetes Secrets, Container Images, Pod Security Standards, Network Policy, Pod Logs, Service Accounts and RBAC, Sidecar Containers | Easy | 2 |
-| [Commandeer Container](commandeer-container/README.md) | commandeer-container | Use Kubernetes to Smuggle aboard and find the hidden treasure | Accessing Containers without `kubectl exec` | Kubernetes Secrets, Container Images, Service Accounts and RBAC | Easy | 1 |
+| [Commandeer Container](commandeer-container/README.md) | commandeer-container | Use Kubernetes to smuggle aboard and find the hidden treasure | Accessing containers without `kubectl exec` | Kubernetes Secrets, Container Images, Service Accounts and RBAC | Easy | 1 |
 | [CI Runner Next-Generation Breakout](ci-runner-ng-breakout/README.md) | ci-runner-ng-breakout | An adversary has exploited CI runner and reached the underlying host. Can you find out how? | Container breakout via containerd | Docker, Containerd | Easy | 1 |
 | [PSS Misconfiguration](pss-misconfiguration/README.md) | pss-misconfiguration | In the transition away from Pod Security Policy an adversary has deployed a malicious workload which resists removal. Unravel the mystery and remove the workload off the cluster | Pod Security Standards, Pod Security Admission | Pod Security Standards, Pod Security Admission | Medium | 3 |
 | [Build a Backdoor](build-a-backdoor/README.md) | build-a-backdoor | Install a backdoor onto a Kubernetes cluster for Captain Hλ$ħ𝔍Ⱥ¢k to exploit | Kubernetes Ingress, Services and Network Policies | Kubernetes Ingress, Services, Network Policies, Kyverno | Medium | 2 |
 | [Cease and Desist](cease-and-desist/README.md) | cease-and-desist | Fix the reform-kube licensing server and get production running again | Cilium Network Policies | Kubernetes Secrets, Cilium Network Policies | Medium | 2 |
 | [Devious Developer Data Dump](devious-developer-data-dump/README.md) | devious-developer-data-dump | Exploit a public repository to access a production environment and steal sensitive data | From secret discovery in a code repository to full cluster compromise | Gitea, GitHub Action Runners, Zot, SQL Database | Complex | 2 |
-| [Identity Theft](identity-theft/README.md) | identity-theft | Exploit a public facing application, obtain a foothold on the cluster and access a secret store | Realistic adversary initial access and OIDC token abuse | custom vulnerable application (pod schema validation), Dex, Kubernetes Services, Service Accounts and RBAC | Complex | 2 |
+| [Identity Theft](identity-theft/README.md) | identity-theft | Exploit a public facing application, obtain a foothold on the cluster and access a secret store | Realistic adversary behaviour and OIDC token abuse | custom vulnerable application (pod schema validation), Dex, Kubernetes Services, Service Accounts and RBAC | Complex | 2 |
 | [Coastline Cluster Attack](coastline-cluster-attack/README.md) | coastline-cluster-attack | Pivot across multiple systems, escalate privileges and obtain full cluster compromise | Leveraging ephemeral containers for initial access, service account enumeration and privilege escalation, service account token abuse, vulnerable daemonsets | Ephemeral containers, Service Accounts and RBAC, Service Account Tokens, Custom "red herring" applications, Elasticsearch, Fluentbit Daemonsets | Complex | 3 |
 
 ### Difficulty Rating

docs/2023-cncf-ctf-walkthroughs/ci-runner-ng-breakout/README.md

@@ -18,10 +18,10 @@ The purpose of CI Runner Next Generation Breakout is to teach participants about
 
 ```
 During penetration testing of a client kubernetes cluster, a vulnerability in a pod has been noticed.
-The pod is part of the client build infrastructure and you are concerned that a compromise may lead to leaked secrets within the target cluster.
-Verify the vulnerability by extracting the secret access key from another pod in the ci-server-vulnerability namespace.
 
-You will start in the jenk-5ym3 pod in the ci-server-vulnerability namespace.
+The pod is part of the CI/CD build infrastructure and you are concerned that a compromised runner may lead to compromised VMs.
+
+Verify the vulnerability by breaking out of the CI runner pod.
 ```
 
 ## Guided Walkthrough

scenarios/build-a-backdoor/tasks.yaml

@@ -1,7 +1,7 @@
-category: KubeCon
-difficulty: KubeCon
+category: KubeCon + CloudNativeCon Europe 2023 CTF
+difficulty: Medium
 kind: cp.simulator/scenario:1.0.0
-objective: Undo Kubernetes controls to allow access to an exploitable application
+objective: Learn about Kubernetes Ingress, Services and Network Policies
 tasks:
   "1":
     hints:
@@ -10,5 +10,5 @@ tasks:
       mode: pod
       podName: jumpbox-terminal
       podNamespace: dmz
-    summary: Can you build a backdoor for Hashjack to exploit?
+    summary: Install a backdoor onto a Kubernetes cluster for Captain Hλ$ħ𝔍Ⱥ¢k to exploit
 name: build-a-backdoor

scenarios/cease-and-desist/tasks.yaml

@@ -1,7 +1,7 @@
-category: KubeCon
-difficulty: KubeCon
+category: KubeCon + CloudNativeCon North America 2023 CTF
+difficulty: Medium
 kind: cp.simulator/scenario:1.0.0
-objective: Restore production by reactiviting the reform-kube license server.
+objective: Learn about Cilium Network Policies
 tasks:
   "1":
     hints:
@@ -10,5 +10,5 @@ tasks:
       mode: pod
       podName: admin-console
       podNamespace: administration
-    summary: Restore production by reactiviting the reform-kube license server.
+    summary: Fix the reform-kube licensing server and get production running again
 name: cease-and-desist

scenarios/ci-runner-ng-breakout/tasks.yaml

@@ -1,8 +1,7 @@
-category: KubeCon
-difficulty: KubeCon
-name: ci-runner-ng-breakout
+category:  CloudNative SecurityCon North America 2023 CTF
+difficulty: Easy
 kind: cp.simulator/scenario:1.0.0
-objective: Get postgres password.
+objective: Learn about Container breakout via containerd
 tasks:
   "1":
     hints:
@@ -11,5 +10,5 @@ tasks:
       mode: pod
       podName: jenk-ng-runner-s82n6
       podNamespace: ci-runner-ng
-    summary: There is a containerd socket mounted into the container,
-      is it possible to traverse the cluster?
+    summary: An adversary has exploited CI runner and reached the underlying host. Can you find out how?
+name: ci-runner-ng-breakout

scenarios/coastline-cluster-attack/tasks.yaml

@@ -1,7 +1,7 @@
-category: KubeCon
-difficulty: KubeCon
+category: CloudNative SecurityCon North America 2023 CTF
+difficulty: Complex
 kind: cp.simulator/scenario:1.0.0
-objective: Obtain cluster admin
+objective: Learn about Leveraging ephemeral containers for initial access, service account enumeration and privilege escalation, service account token abuse, vulnerable daemonsets
 tasks:
   "1":
     hints:
@@ -10,5 +10,5 @@ tasks:
       mode: pod
       podName: jumpbox-terminal
       podNamespace: dmz
-    summary: Can you obtain cluster admin of coastline?
+    summary: Pivot across multiple systems, escalate privileges and obtain full cluster compromise
 name: coastline-cluster-attack

scenarios/commandeer-container/tasks.yaml

@@ -1,7 +1,7 @@
-category: KubeCon
-difficulty: KubeCon
+category: KubeCon + CloudNativeCon Europe 2023 CTF
+difficulty: Easy
 kind: cp.simulator/scenario:1.0.0
-objective: Find the treasure using kubernetes navigation
+objective: Learn about accessing containers without kubectl exec
 tasks:
   "1":
     hints:
@@ -10,5 +10,5 @@ tasks:
       mode: pod
       podName: dark-tide
       podNamespace: sea
-    summary: Can you find the treasure?
+    summary: Use Kubernetes to smuggle aboard and find the hidden treasure
 name: commandeer-container

scenarios/devious-developer-data-dump/tasks.yaml

@@ -1,8 +1,7 @@
-category: KubeCon
-difficulty: KubeCon
-name: cicd
+category: KubeCon + CloudNativeCon Europe 2023 CTF
+difficulty: Complex
 kind: cp.simulator/scenario:1.0.0
-objective: Get postgres password.
+objective: Learn about how secret discovery in a code repository can lead to full cluster compromise
 tasks:
   "1":
     hints:
@@ -11,4 +10,5 @@ tasks:
       mode: pod
       podName: jumpbox
       podNamespace: dmz
-    summary: x
+    summary: Exploit a public repository to access a production environment and steal sensitive data
+name: devious-developer-data-dump

scenarios/identity-theft/tasks.yaml

@@ -1,7 +1,7 @@
-category: KubeCon
-difficulty: KubeCon
+category: KubeCon + CloudNativeCon North America 2023 CTF
+difficulty: Complex
 kind: cp.simulator/scenario:1.0.0
-objective: Time to steal users identities
+objective: Learn about realistic adversary behaviour and OIDC token abuse
 tasks:
   "1":
     hints:
@@ -10,5 +10,5 @@ tasks:
       mode: pod
       podName: public-terminal
       podNamespace: public
-    summary: Can you steal the identity of the pod-checker users?
+    summary: Exploit a public facing application, obtain a foothold on the cluster and access a secret store
 name: identity-theft

scenarios/pss-misconfiguration/tasks.yaml

@@ -1,7 +1,7 @@
-category: CNSecCon
-difficulty: CNSecCon
+category: CloudNative SecurityCon North America 2023 CTF
+difficulty: Medium
 kind: cp.simulator/scenario:1.0.0
-objective: Fix misconfigurations
+objective: Learn about Pod Security Standards and Pod Security Admission
 tasks:
   "1":
     hints:
@@ -19,5 +19,5 @@ tasks:
       podName: admin
       podNamespace: platform
       podHost: master-0
-    summary: Can you fix the Pod Security misconfigurations so that the attacker's Pod can't be admitted anymore in the cluster?
+    summary: In the transition away from Pod Security Policy an adversary has deployed a malicious workload which resists removal. Unravel the mystery and remove the workload off the cluster
 name: pss-misconfiguration

scenarios/scenarios.yaml

@@ -2,54 +2,54 @@
 
 - id: cease-and-desist
   name: Cease and Desist
-  description: "Restore production by reactiviting the reform-kube license server."
-  category: KubeCon
-  difficulty:
+  description: "Fix the reform-kube licensing server and get production running again"
+  category: KubeCon + CloudNativeCon North America 2023 CTF
+  difficulty: Medium
 
 - id: identity-theft
   name: Identity Theft
-  description: "Can you steal the identity of the pod-checker users?"
-  category: KubeCon
-  difficulty:
+  description: "Exploit a public facing application, obtain a foothold on the cluster and access a secret store"
+  category: KubeCon + CloudNativeCon North America 2023 CTF
+  difficulty: Complex
 
 - id: seven-seas
   name: Seven Seas
-  description: "Sail the Seven Seas and find all the missing map pieces!"
-  category: Workshop
-  difficulty:
+  description: "Sail the Seven Seas, find all the missing map pieces and plunder the Royal Fortune"
+  category: KubeCon + CloudNativeCon North America 2023 CTF
+  difficulty: Easy
 
 - id: build-a-backdoor
   name: Build-a-Backdoor
-  description: "KCEU23: Build a backdoor for Hashjack to exploit"
-  category: KubeCon
-  difficulty:
+  description: "Install a backdoor onto a Kubernetes cluster for Captain Hλ$ħ𝔍Ⱥ¢k to exploit"
+  category: KubeCon + CloudNativeCon Europe 2023 CTF
+  difficulty: Medium
 
 - id: devious-developer-data-dump
   name: Devious Developer Data Dump
-  description: "KCEU23: Can you navigate Rescue Drop's CI/CD infrastructure, following Hashjack to the goal?"
-  category: KubeCon
-  difficulty:
+  description: "Exploit a public repository to access a production environment and steal sensitive data"
+  category: KubeCon + CloudNativeCon Europe 2023 CTF
+  difficulty: Complex
 
 - id: commandeer-container
   name: Commandeer Container
-  description: "KCEU23: Can you navigate Kubernetes and find the treasure?"
-  category: KubeCon
-  difficulty:
+  description: "Use Kubernetes to smuggle aboard and find the hidden treasure"
+  category: KubeCon + CloudNativeCon Europe 2023 CTF
+  difficulty: Easy
 
 - id: ci-runner-ng-breakout
   name: CI Runner-NG Breakout
-  description: "CNSCon: There is a containerd socket mounted into the container, is it possible to traverse the cluster?"
-  category: KubeCon
-  difficulty:
+  description: "An adversary has exploited CI runner and reached the underlying host. Can you find out how?"
+  category: CloudNative SecurityCon North America 2023 CTF
+  difficulty: Easy
 
 - id: pss-misconfiguration
-  name: CNSecCon NA 23 PSS Misconfiguration
-  description: "CNSCon: An unrestricted Pod is admitted in the cluster regardless of the security context restrictions in place: what's happening?"
-  category: CNSecCon
-  difficulty:
+  name: PSS Misconfiguration
+  description: "In the transition away from Pod Security Policy an adversary has deployed a malicious workload which resists removal. Unravel the mystery and remove the workload off the cluster"
+  category: CloudNative SecurityCon North America 2023 CTF
+  difficulty: Medium
 
 - id: coastline-cluster-attack
-  name: CNSEC23 Coastline Cluster Attack
-  description: "CNSEC23: Hashjack has taken over a jumpbox in coastline. He wants you get cluster admin"
-  category: KubeCon
-  difficulty:
+  name: Coastline Cluster Attack
+  description: "Pivot across multiple systems, escalate privileges and obtain full cluster compromise"
+  category: CloudNative SecurityCon North America 2023 CTF
+  difficulty: Complex

scenarios/seven-seas/tasks.yaml

@@ -1,7 +1,7 @@
-category: Workshop
-difficulty: Workshop
+category: KubeCon + CloudNativeCon North America 2023 CTF
+difficulty: Easy
 kind: cp.simulator/scenario:1.0.0
-objective: Sail the Seven Seas and find all the missing map pieces!
+objective: Learn about Kubernetes Fundamentals, Container Enumeration and Exploitation
 tasks:
   "1":
     hints:
@@ -10,5 +10,5 @@ tasks:
       mode: pod
       podName: fancy
       podNamespace: arctic
-    summary: Can you plunder the Royal Fortune?
+    summary: Sail the Seven Seas, find all the missing map pieces and plunder the Royal Fortune
 name: seven-seas