Explore novel techniques used in recent real-world attacks that enabled adversaries to move laterally from a container in a Kubernetes cluster to external cloud resources in this 36-minute conference talk. Delve into inner-cluster lateral movement, focusing on Kubernetes RBAC configurations that unexpectedly allowed such movements and served as the root cause of vulnerabilities in containerized applications. Learn how to identify these activities using native Kubernetes tools. Examine cluster-to-cloud lateral movement, with emphasis on cluster-to-cloud authentication methods employed by major cloud providers like Azure, AWS, and GCP. Understand the three main authentication approaches: direct/modified access to IMDS, using Kubernetes as an OIDC identity provider, and storing credentials on underlying nodes. Analyze real-world incidents of cloud environment takeovers originating from Kubernetes clusters, and discover methods to prevent and detect such activities.
From the Cluster to the Cloud: Lateral Movements in Kubernetes
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
From the Cluster to the Cloud: Lateral Movements in Kubernetes - Yossi Weizman & Ram Pliskin
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
From the Cluster to the Cloud and Back to the Cluster - Lateral Movements in Kubernetes
-
From the Cluster to the Cloud - Lateral Movements in Kubernetes
-
Deploying Microservices to Kubernetes with Spring Boot and JHipster
-
Living off the Land Techniques in Managed Kubernetes Clusters
-
Kubernetes Authentication and Authorization at Robinhood - Lessons from Reductions, Migrations, and Designing Automation
-
Kubernetes Security with Identity & OIDC
