A Hacker's Guide to Kubernetes and the Cloud

As Kubernetes increases in adoption it is inevitable that more clusters will come under attack by people wanting to compromise specific applications or just people looking to get access to resources for things like crypto-coin mining. The goal of this talk is to take an attackers perspective on typical cloud-based Kubernetes deployments, examine how attackers will find and compromise clusters and the applications running on them and suggest practical ways to improve the security of your cluster. This talk will draw on the presenters long experience of offensive security to provide an attacker’s eye view of the challenges of running production Kubernetes clusters in cloud-facing environments.

This talk was delivered at Kubecon EU 2018, and a recording is available here

© 2022. All rights reserved.