Kubernetes is everywhere: a container orchestration platform that is actively supported by all major cloud providers and adopted by companies of every size and scale. However, the distributed nature of the system at its core has new and interesting security implications that cannot be tested using conventional tools and techniques.
This talk is aimed at anyone interested in exploring the depths of Kubernetes security from an attacker's perspective, including DevSecOps teams looking to defend against attacker tools and techniques.
The session will provide a high-level overview of Kubernetes architecture from an attacker's perspective, i.e. what can be attacked. It will then look, through demos, at modern attacker tools and techniques in various real-world scenarios for attacking applications and components in a Kubernetes cluster.
Outline
- Attacker's intro to Kubernetes
- Kubernetes attack surfaces (Threat Model)
- Attacker in a Pod (Starting Point)
- Attack scenarios (live)
- Cloud infrastructure attack surface in Kubernetes (GKE)
- Namespace breakout using hostPath volume mounts