On Container Orchestration

Kubernetes is everywhere, a container orchestration system that is actively supported by all major cloud providors and adopted by companies across size and scale.

However, the distributed nature of the system at its core has new and interesting security implications that cannot be ignored. The ability of an attacker within a cluster to recon, move around (lateral movement), escalate and gain cluster-admin privilege is presented in this talk.

This talk is primarily targeted for Red Teams but also suitable for DevSecOps Teams looking to defend their cluster against various attacker tools and techniques.

Outline

• Attacker’s intro to Kubernetes
• Kubernetes attack surfaces (Threat Model)
• Attacker in a Pod (Starting Point)
• Attack scenarios (live)
  • Cluster discovery and situational awareness
  • Service discovery and privilege mapping
  • Lateral movement and privilege escalation
  • Maintaining access in the cluster (Persistence)

Speaker bio

An accomplished security professional with over a decade of experience in information security solution engineering, services, vulnerability research, reverse engineering and security tools development.

A participant of NULL – India’s largest open security community as a core team member responsible for techndnology development.

• Open source code: https://github.com/abhisek
• Twitter: https://twitter.com/abh1sek

Slides

https://speakerdeck.com/abhisek/kubernetes-from-an-attackers-perspective-fwd-cloudsec-2020