Presented at ToorCon San Diego 20 (2018)
Sept. 14, 2018, 4 p.m.
In this talk, we will demonstrate attacks on Kubernetes clusters, discuss defenses, then demonstrate how those defenses break the attacks. Come begin your training in Kubernetes attack and defense!
The number of companies moving to a microservices model appears to be increasing at an exponential rate, causing a similarly accelerating rate of adoption for Kubernetes and other container orchestration systems. Machine learning work has contributed to this as well, especially with this year's introduction of native Kubernetes support in Spark. It is time for the information security specialists to learn how to attack Kubernetes clusters, as well as learn how to defend them. In this talk, we will demonstrate attacks on Kubernetes clusters, discuss defenses, then demonstrate how those defenses break the attacks. All demonstrations will be recorded, to avoid interference from the Demo gods. Talk attendees will be able to download the same cluster on which the demos are performed, as well as the configuration files used to break the attacks. Come begin your training in Kubernetes attack and defense!
Jay Beale created two tools used by hundreds of thousands of individuals, companies and governments, Bastille Linux and the Center for Internet Security's first Linux/UNIX scoring tool. He has led training classes on Linux security at the Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training, since 2000. As an author, series editor and speaker, Jay has contributed to nine books and two columns and given roughly one hundred public talks. He is a co-founder, COO and CTO of the information security consulting company InGuardians.
Jay Beale is Chief Technology Officer and Chief Operating Officer for InGuardians. He is known for his work on mitigation technology, specifically in the form of operating system and application hardening. He’s written two of the most popular tools in this space which are used worldwide throughout government and private industry: Bastille Linux, a lockdown tool that introduced a vital security-training component, and the Center for Internet Security’s Unix Scoring Tool. Through Bastille and his work with the Center, Jay has provided leadership in the Linux system hardening space, participating in efforts to set, audit, and implement standards for Linux/Unix security within industry and government. Jay has served as an invited speaker at a variety of conferences worldwide as well as government symposia. He’s written for Information Security Magazine, SecurityFocus, and the now-defunct SecurityPortal.com. He has worked on six books in the Information Security space, including those in his Open Source Security Series, which includes an international bestseller on the Snort intrusion detection system. Jay is a member of the Honeynet Project, the OVAL Board, and the Cyber Security Policy and Research Institute at George Washington University. As a consultant, Jay focuses on the broad space of security assessments, including penetration tests, security architecture reviews and system audits. Prior to consulting, Jay served as the Security Team Director for MandrakeSoft, helping set company strategy, design security products, and pushing security into the third largest retail Linux distribution.