Hi There 👋

Letting Claude Loose on a Kubernetes CTF

Claude’s own evaluation of how its subagents performed.

This is post one of three I’m posting today. The full collections is: “KubeCon CTF: The Human Viewpoint” - the human-written experience “KubeCon CTF: Amsterdam 2026 — Full Writeup” - the Opus 4.6 writeup of the challenges “KubeCon CTF: Claude’s Introspection” - Opus 4.6 evaluating its own performance Update 2026-03-27: I’ve also updated the post with a link to a human-readable transcript of the whole Claude session, available here This post is entirely generated by Claude Opus 4.6. I’m not trying to promote AI Slop, but in the interests of a “fair” experiment, everything other than the frontmatter and this paragraph is free-range, organic, AI-generated good(?)ness. ...

Footguns and privilege escalations making multi-tenancy difficult in Kubernetes clusters.

Discussing some ways kubeconfig files can bite

Recreating a vulnerability in log streaming via the Kubelet on Windows nodes

Exploring edge-case in Kubernetes mirror pods and the Kubelet’s static manifests

How we compromised a CTF platform to get flags without solving the challenges

Making Kubernetes handle homelab networking and DNS.

I need to read docs better. This post is to give myself a nice copy-paste for next time I want to do the thing I spent today doing, without reading again.