Think you know Kubernetes? Think again. Kubernetes is full of uncommon knowledge and doesn’t always behave the way we assume, containing unexpected gotchas and surprising behaviors that’ll make you say, “how come nobody told me this earlier?” In this talk, Ian Coldwater and Brad Geesaman will shine a light on hidden secrets in Kubernetes, demonstrating scary science such as pods in non-existent namespaces, bypassing network policies via DNS, fun with capable sidecar containers, and one weird trick attackers don’t want you to know. Defenders hate it! Don’t build your next threat model before watching this! Attendees will learn how not to get caught off guard by learning what to watch out for and how to better secure their systems. You won’t believe what happens next.