Exploiting a Slightly Peculiar Volume Configuration with SIG-Honk

Dive into a captivating conference talk that explores the process of exploiting a unique volume configuration vulnerability in Kubernetes. Follow the journey of the "SIG-Honk" hacker team as they develop a proof-of-concept exploit for CVE-2021-30465, a security flaw affecting the runc project. Learn about their collaborative methodology, iterative approach, and the coordinated disclosure process they initiated to enhance user safety. Gain valuable insights into exploit development, vulnerability disclosure, and staying informed about potential security risks in open-source dependencies. Watch as the speakers demonstrate the exploit live, offering a new perspective on cluster security and the importance of vigilance in the Kubernetes ecosystem.