On Container Orchestration

Peer group discussions on running infrastructure in production

Abhisek Datta

@abhisek

Kubernetes from an Attacker's Perspective

Submitted Apr 8, 2020

Kubernetes is everywhere: a container orchestration system that is actively supported by all major cloud providers and adopted by companies of every size and scale.

However, the distributed nature of the system has new and interesting security implications that cannot be ignored. This talk presents how an attacker who has gained a foothold inside a cluster can perform reconnaissance, move laterally, escalate privileges and ultimately obtain cluster-admin access.

This talk is primarily targeted at Red Teams, but it is also suitable for DevSecOps teams looking to defend their clusters against these attacker tools and techniques.

Outline

  • Attacker’s intro to Kubernetes
  • Kubernetes attack surfaces (Threat Model)
  • Attacker in a Pod (Starting Point)
  • Attack scenarios (live)
    • Cluster discovery and situational awareness
    • Service discovery and privilege mapping
    • Lateral movement and privilege escalation
    • Maintaining access in the cluster (Persistence)

Speaker bio

An accomplished security professional with over a decade of experience in information security solution engineering, services, vulnerability research, reverse engineering and security tools development.

A core team member of NULL, India's largest open security community, responsible for technology development.

Slides

https://speakerdeck.com/abhisek/kubernetes-from-an-attackers-perspective-fwd-cloudsec-2020
