CAP_NET_RAW and ARP Spoofing in Your Cluster: It’s Going Downhill From Here - Liz Rice, Aqua Security

less than 1 minute read

Abstract

Did you know that by default, your applications running in Kubernetes can open raw network sockets? This talk demonstrates how, in the right circumstances, the CAP_NET_RAW capability that allows this can be abused by a compromised application.* ARP spoofing: pretending to represent the wrong IP address* If the app can ARP spoof the IP address of the DNS service, this potentially lets it spoof DNS addresses: pretending to represent the wrong domain nameSounds bad, doesn’t it?These attacks, and their consequences, will be demonstrated live, along with preventative measures that you can take to ensure they aren’t happening on your cluster.This talk explains CAP_NET_RAW and spoofing, but the audience is expected to be comfortable with Kubernetes concepts like pod specs and admission controllers.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

CAP_NET_RAW and ARP Spoofing in Your Cluster: It’s Going Downhill From Here - Liz Rice, Aqua Security

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google