Explore a real-life case study of an attack on a managed Kubernetes environment in this 32-minute conference talk from KubeCon + CloudNativeCon. Follow the step-by-step engagement with Alibaba Cloud's managed K8s environments, starting as an external user and progressing through code execution, privilege escalation, container escape, lateral movement, and ultimately gaining unauthorized access to other customers' databases. Gain valuable insights into how small configuration errors can be chained together to lead to a complete compromise of a managed cluster. Learn from this attacker's perspective to strengthen your own deployments and enhance your organization's security posture in managed Kubernetes environments.
The Attacker Perspective - Insights From Hacking Alibaba Cloud's Managed Kubernetes Environments
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
The Attacker Perspective - Insights From Hacking Alibaba Cloud... Hillai Ben-Sasson & Ronen Shustin
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Security Practices for Kubernetes Cluster Administrators - Redteam Views
-
Bypassing Falco - How to Compromise a Cluster without Tripping the SOC
-
Kubernetes to Cloud Attack Vectors: Demos of Cross-Environment Vulnerabilities
-
K8s Post-Exploitation: Privilege Escalation, Sidecar Container Injection, and Runtime Security
-
Kubernetes Security Blind Spot - Misconfigured System Pods
-
Kubernetes Authentication and Authorization at Robinhood - Lessons from Reductions, Migrations, and Designing Automation
