Escalating Attack and Defense on Cloud-based Kubernetes — The Difference Between a Container and a Pod is a Pod can Begin an Adventure!

Presented at ShmooCon 2023, Jan. 21, 2023, 11 a.m. (60 minutes).

You’ve seen Kubernetes cluster hacks, but the Kubernetes defenses are getting stronger. Breaking your way to full cluster admin isn’t nearly as easy as it used to be… But, it’s still possible on a ton of clusters, particularly when the defenses don’t work the way it seems they’re supposed to work.

In this demo-dominated talk, we’ll show an attack that starts with a compromised library, moves laterally, and escalates privilege to compromise of a single node of a large cluster. That’s where things get interesting, where you can see how Kubernetes and cloud provider defenses have evolved. We’ll move into a multiverse of madness, where a single choice of defense leads to a different universe, with a cluster that should be stronger than it turns out to be. We’ll demonstrate how the single node compromise could lead to entire cluster compromise, working through an escalating option of defenses. In the course of the talk, we’ll demonstrate a previously-unknown weakness in one cloud-related defense, as well as weaknesses that are known, but not widely-understood. In each case, we’ll show or discuss what you can do to make your cluster safer.


Presenters:

  • Jay Beale
    Jay Beale (@jaybeale) is CTO and CEO for InGuardians. He works on Kubernetes, Linux, and CloudNative security, both as a professional threat actor and an Open Source maintainer and contributor. He’s the architect of the open source Peirates attack tool for Kubernetes and Bustakube CTF Kubernetes cluster. Jay helps create and run DEF CON’s Kubernetes CTF and previously co-led the Kubernetes project’s Security Audit Working Group. Since 2000, he has led training classes on Linux & Kubernetes security at public conferences and in private training. Jay can’t seem to stop running and, unrelatedly, enjoys talking with people about ADHD and neurodiversity.

Similar Presentations: