Explore advanced techniques for bypassing Falco, a popular runtime security tool for Kubernetes, in this 34-minute conference talk by Shay Berkovich from BlackBerry. Discover nine different classes of bypasses, including seven novel methods, that allow for stealthy target enumeration, privilege escalation, and lateral movement within a cluster. Learn how to leverage a specially designed container image and code snippets to automate these bypasses. Witness a practical demonstration of applying these techniques to compromise a secure Kubernetes cluster without alerting security operations. Gain valuable insights into the limitations of current security tools and understand the evolving landscape of Kubernetes security challenges.
Bypassing Falco - How to Compromise a Cluster without Tripping the SOC
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Bypassing Falco: How to Compromise a Cluster without Tripping the SOC - Shay Berkovich, BlackBerry
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Bypassing Falco - Cluster Compromise Without Tripping the SOC
-
Cluster Grey Zone - Risks in Managed Cluster Middleware
-
The Attacker Perspective - Insights From Hacking Alibaba Cloud's Managed Kubernetes Environments
-
gVisor and Falco - Strengthening Kubernetes and Container Security with Visibility
-
Security Practices for Kubernetes Cluster Administrators - Redteam Views
-
Kubernetes Privilege Escalation Tactics - Understanding and Mitigating Vulnerabilities
