Down the sinkhole with Kubernetes

Presented at ToorCon San Diego TwentyOne (2019), Nov. 8, 2019, noon (25 minutes).

Dive into a typical Kubernetes cluster by messing with the popular sidecar containers and supporting infrastructure.

With Kubernetes becoming a de-facto container orchestration platform, it's only a matter of time before it becomes a major target. While there are some widely publicized kubernetes vulnerabilities, this talk is not about them. Instead of taking kubernetes head on, learn how to do a recon on the k8s clusters and the common sets of sidecar containers. Then dive deep through the attack surface exposed by popular service meshes and API gateways, down to Helm and Tiller, into static pods and daemon sets, deeper to nodes and the control planes, and off to the docker registries, containers and images.

Presenters:

• Alex Ivkin
  Alex Ivkin is a Director of Solutions at Eclypsium, a Portland security company. With over a decade of security experience his focus is on secure deployments of (un)secure software, advisory and implementation of application security, container orchestration and IAM. Alex presented at numerous security industry conferences, trainings, co-authored the ISACA CSX Professional certification and has a Masters degree in Computer Science.

Links:

• https://talks.toorcon.net/toorcon21/talk/CASQRL/

Similar Presentations:

• HushCon Seattle 2019 / Down the sinkhole with kubernetes
• ToorCamp 2022 / Navigating the shallow waters of Kubernetes Security
• Canterbury Hacker Camp (2022) / Attack on Kubernetes