RBACdoors: How Cryptominers Are Exploiting RBAC Misconfigs - Greg Castle & Vinayak Goyal, Google

less than 1 minute read

Abstract

Earlier this year you may have read news articles about cryptomining attacks using RBAC to backdoor clusters. We’ll talk about an attack of this type we observed on a cluster in March this year and demonstrate the attack step by step. We’ll cover how RBAC was misconfigured by the cluster owner to accidentally grant privileged access, how we detected the attack, and how we reconstructed the attacker’s actions from the logs. The attack techniques were interesting: the attacker masqueraded as K8s system components and used the certificates API to create new powerful access. We’ll discuss prevention and detection techniques for this kind of attack. We’ll also share some results of measuring similar RBAC misconfigurations across clusters to get a feel for how widespread these types of misconfigurations are in the industry.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

RBACdoors: How Cryptominers Are Exploiting RBAC Misconfigs - Greg Castle & Vinayak Goyal, Google

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google