Why Barricade the Door if the Window Is Open? Making Sense of Kubernetes Initial Access Vectors - Shay Berkovich, Wiz

less than 1 minute read

Abstract

Upon creation of Kubernetes cluster, the immediate security concern should be securing initial access. To achieve that, one needs to be clear on many ways malicious actors can gain access to a cluster. But how do you wrap your head around API server and data plane access, management interfaces, anonymous access, image poisoning and more? Toss on top of that different methods of authentication for every managed service and you get yourself a headache. In this talk we make sense of K8s initial access methods. In each case we list prerequisites (misconfigurations, vulnerabilities, or likeliest way an attacker can obtain credentials), compromised role permissions (impact) and mitigations. On top of that, we map these vectors to the real-world attacks observed recently and demo the most interesting scenarios. More importantly, we talk about how the access events manifest in cloud and audit logs and kernel-level visibility, so that the attendees can leave with a coherent detection strategy.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Why Barricade the Door if the Window Is Open? Making Sense of Kubernetes Initial Access Vectors - Shay Berkovich, Wiz

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google