Jay Beale Robert Yuen Jay Beale Robert Yuen

Kubernetes Bakery Attacks : Stealing Cloud Roles 

You’ve seen Kubernetes cluster hacks, but the Kubernetes defenses are getting stronger. Breaking your way to full cluster admin isn’t nearly as easy as it used to be… But, it’s still possible on a ton of clusters, particularly when the defenses don’t work the way it seems they’re supposed to work.

In this demo-dominated talk, we’ll demonstrate how a single node compromise on a cloud provider could lead to entire cluster compromise, working through an escalating option of defenses. In the course of the talk, we’ll demonstrate a previously-unknown weakness in one cloud-related defense, as well as weaknesses that are known, but not widely-understood. In each case, we’ll show or discuss what you can do to make your cluster safer.

Read More