A Hacker’s Guide to Kubernetes and the Cloud - Rory McCune, NCC Group PLC (Intermediate Skill Level) (Slides Attached)
Abstract
As Kubernetes increases in adoption it is inevitable that more clusters will come under attack by people wanting to compromise specific applications or just people looking to get access to resources for things like crypto-coin mining. The goal of this talk is to take an attackers perspective on typical cloud-based Kubernetes deployments, examine how attackers will find and compromise clusters and the applications running on them and suggest practical ways to improve the security of your cluster. This talk will draw on the presenters long experience of offensive security to provide an attacker’s eye view of the challenges of running production Kubernetes clusers in cloud-facing environments.