1. Intro
2. MENTAL HEALTH
3. COMMUNITY
4. CLIMATE CHANGE
5. NOT A SECURITY EXPERT
6. INSPIRATION HTTPS://YOUTU.BE/IWKIQK8KDK8
7. KUBERNETES DASHBOARD
8. POP QUIZ
9. FIRST REACTION
10. LETS GET STARTED
11. LETS OWN A WEBSITE
12. LETS REVIEW
13. HAS ANYONE KNOWINGLY CREATED A VULNERABILITY
14. OWASP
15. WHAT IS A VULNERABILITY?
16. EXAMPLE HEARTBLEED
17. JUMP INTO THE BOX
18. IMAGE SCANNING
19. STATIC TOKENS AND PASSWORDS
20. TIP: SCHEDULED BUILDS
21. FOCUS ON CI/CD
22. FAIL IF ITS NOT SECURE
23. DON'T SSH TO PATCH
24. REDUCE THE ATTACK VECTOR
25. PRIVATE CONTAINER REGISTRIES
26. PULL LATEST
27. IMAGE TRUST AND SUPPLY CHAIN
28. CASE STUDY TYLENOL CYANIDE DEATHS
29. ESCAPE THE CONTAINER
30. RUNNING CONTAINERS ON KUBERNETES
31. WHAT COULD POSSIBLY GO WRONG?
32. EXFILTRATION OF SENSITIVE DATA
33. ELEVATE PRIVILEGES INSIDE KUBERNETES TO ACCESS ALL WORKLOADS
34. POTENTIALLY GAIN ROOT ACCESS TO THE KUBERNETES WORKER NODES
35. PERFORM LATERAL NETWORK MOVEMENT OUTSIDE THE CLUSTER
36. RUN A COMPROMISED POD
37. FEATURE DRIVEN
38. SECURITY FOLLOWS
39. BEST PRACTICE
40. REDUCE HOST MOUNTS
41. DON'T USE ROOT
42. USER COMMAND IN DOCKERFILE
43. RBAC
44. ROLE ASSIGNMENT
45. ROLE AUTHORISATION
46. PERMISSION AUTHORISATION
47. MASTER AND WORKERS
48. CONTROL PLANE
49. LAYERED SECURITY APPROACH
50. ADMISSION CONTROLLER
51. ALWAYSPULLIMAGES
52. DENYESCALATINGEXEC
53. PODSECURITYPOLICY
54. LIMITRANGE RESOURCEQUOTA
55. CAN WE SEE WHATS RUNNING
56. NAMESPACE
57. NETWORKPOLICIES
58. PASSING SECRETS TO CONTAINERS
59. TOOLS
60. HAIL MARY
61. RUNTIMES
62. SERVICE MESHES
63. RELEASE OFTEN / FAST
64. CHAOS ENGINEERING
65. SECURITY UPDATES

Description:
Explore container and orchestrator vulnerabilities through a live hacking demonstration in this 57-minute conference talk from NDC Conferences. Witness a red team member attempt to hack a cluster while a blue team member defends it, providing real-world insights into potential security risks. Learn about developing best practices, implementing security policies, and effective service monitoring to prevent attacks. Gain valuable knowledge on topics such as image scanning, static tokens and passwords, CI/CD security, private container registries, and potential attack vectors in Kubernetes environments. Discover practical strategies for reducing host mounts, implementing RBAC, using admission controllers, and leveraging network policies to enhance container and orchestrator security.

What Vulnerabilities? Live Hacking of Containers and Orchestrators

NDC Conferences