I’ll Let Myself In: Kubernetes Privilege Escalation Tactics - Andrew Martin & Iain Smart, ControlPlane
Abstract
Penetration testing Kubernetes shouldn’t be easy, but we can make it so! Rogue SRE insider threat? Platform developers with grudges? Hostile internet citizens? Discover how to escalate your privilege, attain persistence, wreak cluster-wide havoc, and hide any trace of your activity in this enthralling exploration of cloud native security! Join us for a learner-friendly yet advanced dive into the myriad ways both trusted and unprivileged users can exploit Kubernetes. We’ll guide you through best practices for detection and demonstrate the most cost-effective and efficient strategies for securing your clusters.

- Understand Kubernetes vulnerabilities that SREs, security teams, and pentesters should know — and techniques to mitigate them
- Explore edge-cases of component abuse, and cruel and unusual interactions between components
- Identify various adversary levels and tailor your defences accordingly
- Learn the most economical and rapid strategies for robust cluster security