Workshop 01 - Hands On Attacking and Defending the Kubernetes Ecosystem

Abstract

While the rapid adoption of Kubernetes shows just how disruptive these technologies have been, they have also led to new security problems. The widespread popularity and many organizations without proper security measures in place have made Kubernetes infra the perfect target for attackers.

The security of the Kubernetes cluster, of course, cannot be achieved in a single process. There are many moving parts within the Kubernetes cluster that must be properly secured.

The aim of the presentation is to demonstrate the kind of attacks that are possible due to misconfigurations. In particular, through the use of multiple examples, I will explain scenarios such as how misconfigured cluster privileges can lead to backdooring cloud environments, avoid detection by manipulating logging controls and access sensitive information and trade secrets due to IAM, pod security policy and webhook misconfigurations.


When: 9:00 AM, 17 September, 2021

The workshop is free to register, however we can only accommodate 60 participants first come first serve basis.


Speakers Information


Vasant Chinnipilli

Vasant is a security enthusiast and speaker, currently working as a Security Architect and DevSecOps Practitioner. His technical abilities span a wide range of technologies across various domains of information security including cloud and container security and penetration testing. He also specialises in cloud and cloud native security, devsecops and security automation. He is passionate about bridging the gap between the security and DevOps teams through finding effective ways to integrate security in the devops processes and allow security tools to flow freely through DevOps pipelines. He is also the developer of Kubestriker, an open source, platform agnostic security auditing tool, specially designed to secure the cloudnative and tackle Kuberenetes cluster security issues. This tool has been showcased in various conferences including Blackhat, Def Con and DevSecCon.





View Full Schedule

Subscribe to Our Mailing List

Join our community mailing list for updated on conference annoucements, important dates and discussions.