K8s Post-Exploitation: Privilege Escalation, Sidecar Container Injection, and Runtime Security - Magno Logan, GoHacking

Abstract

This talk showcases distinct post-exploitation scenarios in Kubernetes and demonstrates how attackers can stay hidden after compromising a K8s cluster. We’ll walk through an attack scenario that shows the different ways attackers can exploit your K8s cluster, starting from a compromised pod and moving through several privilege escalation methods. We’ll then show techniques attackers use to avoid detection with sidecar containers, including a new technique called sidecar container injection, in which the attacker stays undetected by injecting malware into an existing sidecar container or deploying a new one, compromising the victim’s cluster while remaining stealthy. Finally, we’ll demo how to use audit logs and indicators of compromise together with security features to detect these scenarios, and how to deploy rules in runtime security tools to detect such attacks.
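A defender-side sketch of the detection step the abstract mentions: scanning Kubernetes audit events for mutating requests that add containers to existing pods (via the ephemeralcontainers subresource) or to workload pod templates. This is an added example, not material from the talk; the audit events are constructed, and treating kube-system service accounts as trusted and handling only merge-patch style request bodies are simplifying assumptions.

```python
import json

# Constructed audit events for illustration (not from the talk). Real events
# carry many more fields; requestObject is only present at the
# RequestResponse audit level and, for "patch", holds the patch body.
SAMPLE_AUDIT_LOG = """\
{"verb":"get","user":{"username":"system:serviceaccount:shop:web"},"objectRef":{"resource":"pods","namespace":"shop","name":"web-7c9f"}}
{"verb":"patch","user":{"username":"system:serviceaccount:shop:web"},"objectRef":{"resource":"pods","namespace":"shop","name":"web-7c9f","subresource":"ephemeralcontainers"},"requestObject":{"spec":{"ephemeralContainers":[{"name":"dbg","image":"busybox"}]}}}
{"verb":"patch","user":{"username":"system:serviceaccount:shop:web"},"objectRef":{"resource":"deployments","namespace":"shop","name":"web"},"requestObject":{"spec":{"template":{"spec":{"containers":[{"name":"log-shipper","image":"registry.example/shipper:1"}]}}}}}
{"verb":"update","user":{"username":"system:serviceaccount:kube-system:deployment-controller"},"objectRef":{"resource":"replicasets","namespace":"shop","name":"web-7c9f"},"requestObject":{"spec":{"template":{"spec":{"containers":[{"name":"web","image":"shop/web:1.2"}]}}}}}
"""

WORKLOADS = {"deployments", "daemonsets", "statefulsets", "replicasets", "jobs", "cronjobs"}
MODIFY_VERBS = {"update", "patch"}  # changes to existing objects, not creates
TRUSTED_PREFIX = "system:serviceaccount:kube-system:"  # assumption: built-in controllers

def containers_in_request(req):
    """Container names in a pod spec, a workload pod template, or an ephemeral-container patch."""
    if not isinstance(req, dict):  # JSON-patch arrays and missing bodies are out of scope here
        return []
    spec = req.get("spec", {})
    if "template" in spec:  # workload object: descend into its pod template
        spec = spec["template"].get("spec", {})
    names = []
    for key in ("containers", "initContainers", "ephemeralContainers"):
        names += [c.get("name", "?") for c in spec.get(key, [])]
    return names

def find_container_injections(audit_lines):
    """Return (user, target, container names) for modifications that add containers
    to pods or workload templates from principals outside kube-system."""
    findings = []
    for line in audit_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ref = ev.get("objectRef", {})
        if ev.get("verb") not in MODIFY_VERBS:
            continue
        user = ev.get("user", {}).get("username", "")
        if user.startswith(TRUSTED_PREFIX):
            continue
        if ref.get("resource") != "pods" and ref.get("resource") not in WORKLOADS:
            continue
        names = containers_in_request(ev.get("requestObject"))
        if names or ref.get("subresource") == "ephemeralcontainers":
            target = f"{ref.get('namespace')}/{ref.get('resource')}/{ref.get('name')}"
            findings.append((user, target, names))
    return findings
```

Run against the sample, the two patches by the `shop:web` service account are flagged while the controller's own rollout is not; in production the trusted-principal list and any image allowlist would come from your own cluster's baseline.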
