I'll Let Myself In: Kubernetes Privilege Escalation Tactics - Andrew Martin & Iain Smart
![CNCF [Cloud Native Computing Foundation]](http://yt3.ggpht.com/txe66EjpkDQQlx_4jDV0yA0PPsww0rqQrFhMpDqagLWN2-EUBBO65IuIyy5tEFVmpI4_RRduzXc=s48-c-k-c0x00ffffff-no-rj)
ฝัง
- เผยแพร่เมื่อ 21 ต.ค. 2024
- Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at kubecon.io
I'll Let Myself In: Kubernetes Privilege Escalation Tactics - Andrew Martin & Iain Smart, ControlPlane
Penetration testing Kubernetes shouldn't be easy, but we can make it so! Rogue SRE insider threat? Platform developers with grudges? Hostile internet citizens? Discover how to escalate your privilege, attain persistence, wreak cluster-wide havoc, and hide any trace of your activity in this enthralling exploration of cloud native security! Join us for a learner-friendly yet advanced dive into the myriad ways both trusted and unprivileged users can exploit Kubernetes. We'll guide you through best practices for detection and demonstrate the most cost-effective and efficient strategies for securing your clusters. - Understand Kubernetes vulnerabilities that SREs, security teams, and pentesters should know - and techniques to mitigate them - Explore edge-cases of component abuse, and cruel and unusual interactions between components - Identify various adversary levels and tailor your defences accordingly - Learn the most economical and rapid strategies for robust cluster security
Thank you for this!
One of the scariest talks of Kubecon