Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 9:30 a.m. (30 minutes).

How are Kubernetes clusters being compromised in the wild? Come to this talk to find out! There aren’t a whole lot of public reports on successful attacks against Kubernetes clusters, so I plan to demystify how these occur. In this talk, I will walk through the compromise of a Kubernetes honeypot. (You will be surprised at how long it took!) Next, I expand this research to survey other Kubernetes clusters for signs of similar compromise. I will share research on how hundreds of other clusters have been compromised by multiple threat actors. Join me for a tale of Kubernetes, plunder, and cryptobooty.


Presenters:

  • James Condon
    James Condon is Director of Research at Lacework. James is a security veteran with over 10 years of experience in incident response, intelligence analysis, and automated threat detection. James was previously Director of Threat Research at ProtectWise (acquired by Verizon), an Incident Analyst for Mandiant, and a Special Agent in USAF OSI.
