Kubernetes Security: Learn by Hacking

Presented at A New HOPE (2022), July 23, 2022, 10 a.m. (50 minutes).

Learn how to attack, exploit, and hack Kubernetes clusters and application workloads. In this workshop, attendees are set loose on a series of vulnerable clusters in a competitive and collaborative capture the flag. Full methods, solutions, and vulnerabilities are revealed, along with actionable mitigation steps to enhance a cluster's security and lock down common misconfigurations. It is an entertaining and frenetic experience designed to develop the kind of expertise only realized in production environments. Emphasis is placed on collaboration and communication, which are key to unlocking some of the advanced flags. Previous experience with Kubernetes is required.

Presenters:

• Andrew Martin
  **Andrew Martin** has an incisive security engineering ethos gained by building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience delivering containerized solutions to enterprise and government. He is CEO at control-plane.io.

Links:

• https://scheduler.hope.net/new-hope/talk/SW7ZWP/

Similar Presentations:

• ToorCon San Diego 20 (2018) / Hacking and Hardening Kubernetes
• DerbyCon 9.0 Finish Line (2019) / Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty
• CHCon '21 (2021) / Hackin your first Kubernetes cluster: An intro to cloud & container infrastructure exploitation