Linux Foundation

Live Security Hack - Hack My Mis-configured Kubernetes

Linux Foundation via YouTube

Overview

Explore a live security hack demonstration that exposes vulnerabilities in a misconfigured Kubernetes cluster. Witness how an attacker can escalate privileges from a vulnerable web application to full control of the entire cluster. Learn about the attacker's thought process, the timeline of exploitation, and critical weaknesses such as environment variables, service tokens, and directory traversal. Discover essential security measures including secure namespaces, read-only root file systems, and proper network configurations. Gain insights into container primitives, critical execution paths, and the importance of changing default settings. Understand the principles of confidentiality, availability, and integrity in Kubernetes security. Apply these lessons to strengthen your own cluster's defenses and prevent potential attacks.

Syllabus

Introduction
Demo Overview
Thought Process
What We Know
Timeline of Doom
Environment Variables
Network Information
Service Token
Update Timeline
Directory traversal vulnerability
Access Matrix
Secure namespace
Security boundary
Readonly root file system
Spawn root pod
Spawn nonroot container
Exploring the network
Update
Hack with new token
That was awesome
Confidentiality Availability Integrity
Container Primitives
Container Image
Critical Execution Path
Change Defaults
Be Careful With Your Code

Taught by

Linux Foundation
