Blue's boss has hired you to see if the cluster is completely "clean". Use the next block of time to solve the following bonus challenges. Once you know both answers, approach one of the co-presenters and whisper the answers to both questions to earn the prestigious "expert" badge.
- Get a root shell on the
nodeagain. Find out the image name that was last run directly with docker commands by the
- Was this cluster compromised via another mechanism and Blue didn't know about it? (Yes!) Find the IP address of the attacker's system where the reverse shell was being sent. Hint: Tiller was removed with
helm reset --forceand so it left some things behind in the