On Container Orchestration

Peer group discussions on running infrastructure in production

Kubernetes from an Attacker's Perspective

Submitted by Abhisek Datta (@abhisek) on Apr 8, 2020

Duration of the session: 40 mins full talk
Category of talk: Security
Status: Submitted

Abstract

Kubernetes is everywhere: a container orchestration system that is actively supported by all major cloud providers and adopted by companies across size and scale.

However, the distributed nature of the system at its core has new and interesting security implications that cannot be ignored. The ability of an attacker within a cluster to recon, move around (lateral movement), escalate and gain cluster-admin privilege is presented in this talk.

This talk is primarily targeted at Red Teams but is also suitable for DevSecOps Teams looking to defend their cluster against various attacker tools and techniques.

Outline

  • Attacker’s intro to Kubernetes
  • Kubernetes attack surfaces (Threat Model)
  • Attacker in a Pod (Starting Point)
  • Attack scenarios (live)
  • Cluster discovery and situational awareness
  • Service discovery and privilege mapping
  • Lateral movement and privilege escalation
  • Maintaining access in the cluster (Persistence)

Speaker bio

An accomplished security professional with over a decade of experience in information security solution engineering, services, vulnerability research, reverse engineering and security tools development.

A participant of NULL – India’s largest open security community as a core team member responsible for technology development.

Slides

https://speakerdeck.com/abhisek/kubernetes-from-an-attackers-perspective-fwd-cloudsec-2020

Preview video

https://www.youtube.com/watch?v=aloi74MH4zk
