Demystifying the state of kubernetes cluster security - the cloud native way

Abstract

Attackers always get better with new attack techniques, so our threat modelling and defense mechanisms need to level up.

While the rapid adoption of Kubernetes shows just how disruptive these technologies have been, they have also led to new security problems. The widespread popularity and many organizations without proper security measures in place have made Kubernetes infra the perfect target for attackers.

The security of the Kubernetes cluster, of course, cannot be achieved in a single process. There are many moving parts within the Kubernetes cluster that must be properly secured.

The aim of the presentation is to demonstrate the kind of attacks that are possible due to misconfigurations. In particular, through the use of multiple examples, I will explain scenarios such as how misconfigured cluster privileges can lead to backdooring cloud environments, avoid detection by manipulating logging controls and access sensitive information and trade secrets due to IAM, pod security policy and webhook misconfigurations. The presentation will also include the demonstration of the tool, Kubestriker which is designed to perform automatic checks and scans to detect various misconfigurations and mitigate such consequences.

Vasant Chinnipilli

@cloudsecguy

Vasant is a security enthusiast, speaker and currently works as a Security Architect, DevSecOps Practitioner and working towards securing cloud and cloud native in a Continuous Deployment world. He is also developer of kubestriker - a blazing fast security auditing tool for kubernetes.

 

Pralhad Chaskar

@c0d3xpl0it

Pralhad Chaskar is Principal Offensive Security Consultant at Help AG, focussing on Infrastructure, Cloud and Kubernetes security. He volunteers as an organizer for the monthly Null Dubai Chapter meetup. His areas of interest are Infrastructure & Cloud Security and Fuzzing as a hobby.