Presented at DEF CON 33 (2025), Aug. 9, 2025, 2 p.m. (240 minutes).
Kubernetes is now at the heart of modern infrastructure, yet offensive security content targeting real-world K8s exploitation is still underrepresented—even at DEF CON. K8sploitation: Hacking Kubernetes the Fun Way fills that gap by diving deep into hands‑on Kubernetes hacking techniques including privilege escalation, lateral movement, and control plane compromise. In this workshop, we set aside the buzzwords and focus on practical attacks and defenses drawn from real adversary tradecraft. Whether you’re a red teamer looking to understand how attackers think or a defender seeking to shore up your cluster’s security, you’ll gain invaluable insights through live demos, guided labs, and lessons learned from enterprise and government security operations. This session bridges cloud‑native technology with hands‑on offensive security training in a way that’s rare, relevant, and overdue.
Presenters:
- Marcelo Ribeiro, Hewlett Packard Enterprise (HPE)
Marcelo Ribeiro leads the Offensive Security Special Ops team at Hewlett Packard Enterprise (HPE) with 20+ years of cybersecurity experience across HPE, Microsoft, IBM, and the Brazilian Navy. A former Navy Officer, he helped build Brazil’s Naval Cybersecurity capabilities and led IBM’s DFIR practice in Latin America.
At HPE, Marcelo develops advanced offensive security programs, leveraging Kubernetes infrastructure and AI to enhance offensive operations and harden cyber defenses. He has presented at DEF CON 2024 and various security conferences, sharing expertise on red teaming, cloud security, and Kubernetes exploitation.
Recognized in the EC-Council CEH Hall of Fame (2023), Marcelo holds CISSP, CISM, OSCP, GXPN, GPEN, GWAPT, GAWN, GRID, GREM, GCIH, GCIA, and more. Passionate about pushing offensive security boundaries, he thrives on tackling new adversarial challenges in modern cloud environments.
- Jeff Jordan, Hewlett Packard Enterprise (HPE)
Jeff Jordan is a Lead Penetration Tester in the Product Security Office with over 13 years of experience at HPE. He began his career in UEFI validation before transitioning into offensive security, where he now leads technical penetration testing efforts across a wide product portfolio. His work focuses on identifying and mitigating security risks through ethical hacking and secure development practices. Jeff has hands-on experience testing Kubernetes-based platforms, including containerized Home Subscriber Server (HSS) products used in 4G infrastructure. He holds CEH and CCSP certifications and plays a key role in driving product security strategy and execution.