.NET Beyond

A collection of conversations exploring the wider world of .NET

The Hand That Feeds: How to Misuse Kubernetes

Watch on YouTube
5:00 PM PDT on Thursday, Mar 31, 2022

The Hand That Feeds: How to Misuse Kubernetes

The Hand That Feeds: How to Misuse Kubernetes

Mar 31, 2022

In this episode

We usually trust the hand that feeds, but what happens when we can’t trust the hand that feeds us? How do we run applications when there is little to no trust?

In this session, we’re going to start by taking a look at attack paths in and around Kubernetes, acting as a Red Team. We’ll take advantage of an OWASP vulnerability within a supply chain attack giving us an entry point. From there, together we’ll explore how an attacker can take further control of the cluster via lateral and vertical movements.

Once we have your attention from seeing how this could be someone’s worst day, we’ll look at how we can patch this up as a Blue Team. We’ll see what we have available from Kubernetes that can mitigate some of this disaster, and what practices we should put in place to further strengthen and defend our compute.

From attending this session, you’ll leave with a Purple Team understanding of core concepts within Kubernetes, that defence is strengthened with depth, and how we can defend from Script Kiddies to Nation States.