Redteam Views: Security Practice of K8s Cluster Administrator - Zebin Zhou, Tencent


Abstract

How do real-world malicious attackers attack a K8s cluster? How can container escape be prevented? How can hackers be prevented from bypassing Pod Security Policy? How can hackers be prevented from moving laterally? This talk will answer the questions above. Developers and cluster administrators can learn from this talk how to build a secure, multi-tenant, large-scale Kubernetes cluster and how to protect the containers and data in the cluster. In the past few years, the speaker has shared how hackers attack infrastructure such as Kubernetes and Service Mesh at conferences such as Blackhat, Hack In The Box, CIS, and WHT. The purpose of “researching attack techniques” is defense: this talk will share Tencent’s experience and thoughts on building security in multi-tenant Kubernetes clusters, and will use real-world attack cases to show security risks and propose solutions.

Sched URL

Video