Arbitrary Code & File Execution in R/O FS – Am I Write? - Golan Myers, WithSecure

less than 1 minute read

Abstract

In containerized environments, such as Kubernetes clusters, read-only filesystems are viewed as an additional layer of defense, as they allow for better control and management of containerized applications. Immutable containers are consistent and predictable, making compliance and auditing simpler, and allowing for more accurate threat detection. They are also easily replicated to ensure high availability and can be rolled back with ease when necessary. In this talk I will present my research on bypassing write and execution restrictions to ultimately execute arbitrary code and executable files in read-only filesystems. The three methods I used to successfully execute arbitrary code will be covered and demonstrated live. We will then cover ways to remediate these attacks where possible and monitor & alert where they are not.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Arbitrary Code & File Execution in R/O FS – Am I Write? - Golan Myers, WithSecure

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google