Explore Kubernetes security through a comprehensive conference talk that delves into attacking and defending K8s clusters. Gain insights into real-world attack scenarios using actual applications, understanding Kubernetes architecture, and leveraging the K8s Threat Matrix and MITRE ATT&CK for Containers. Learn about reconnaissance, exploitation, and post-exploitation phases, and discover best practices for securing clusters based on CIS Benchmarks. Master the implementation of Role-based access control (RBAC), audit logs, and network policies to enhance cluster security and prevent lateral movement by attackers.
Kubernetes Security: Attacking and Defending K8s Clusters
Overview
Syllabus
Intro
Awesome K8s Security List
MITRE ATT&CK Framework ATT&C
K8s Threat Matrix by Microsoft
MITRE ATT&CK for Containers (and K8s)
Initial Access
Exploitation/Execution
kube-hunter
Internal Recon - Inspect the K8s env
Post-Exploitation / Persistence
Defending K8s
The Kube API Server
CIS Kubernetes Benchmark
Image Scanning
The Pods
Pod Security Policy (PSP)
PSP Replacement Alternatives
RBAC (Role Based Access Control)
The etcd
The Network Policy
The Audit Logs
The Basics
Taught by
OWASP Foundation
