Kubernetes Attack and Defense: Break Out and Escalate!

Presented at CanSecWest 2022, May 19, 2022, 3:15 p.m. (60 minutes)

Container break-out seems inevitable. Once outside of a container, an attacker can escalate privilege and possibly end up owning the entire cluster. As attackers, how do we break out of the container and then how do we escalate privilege? As defenders, how do we reduce the odds of a container break-out, while reducing its blast radius? In this demo-heavy presentation, we'll answer these questions, demonstrating attacks and defenses that you can take back and repeat on your own clusters.


Presenters:

  • Jay Beale - InGuardians
    Jay Beale works on Kubernetes and cloud native security, both as a professional threat actor and as a member of the Kubernetes project, where he previously co-led the Security Audit working group. He's the architect of the Peirates attack tool for Kubernetes, as well as of the @Bustakube Kubernetes CTF cluster. He created Bastille Linux and the CIS Linux scoring tool, used by hundreds of thousands. Since 2000, he has led training classes on Linux & Kubernetes security at the Black Hat, RSA, CanSecWest and IDG conferences. An author and speaker, Beale has contributed to nine books, two columns and over 100 public talks. He is CTO of the infosec consulting company InGuardians.
