A Treasure Map of Hacking (and Defending) Kubernetes


Authors:   Andrew Martin


The presentation discusses threat-driven defense for Kubernetes and provides a guide on how to attack and defend clusters from various vulnerabilities and attacks.
  • Threat modeling and understanding attackers' capabilities is crucial for effective defense
  • Attack trees can help visualize potential attack paths and identify necessary controls
  • Supply chain attacks are a significant threat to Kubernetes security
  • Remote code execution and misconfigured containers are common vulnerabilities to exploit
  • Advanced runtime hardening and workload identity are important for cluster security
The presenter mentions Captain Hashtag as an eight-bit adversary that represents the attackers we should be wary of. The presenter also provides a treasure map that shows how to manually pen test pods and break out of containers.


In this ultimate guide to threat-driven defence, we threat model Kubernetes and detail how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to defend against a range of historical and current CVEs, misconfigurations, and advanced attacks: - See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation - Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers - Delve into workload identity and advanced runtime hardening - Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise - Learn to navigate the choppy waters of advanced Kubernetes security.Click here to view captioning/translation in the MeetingPlay platform!