
Hacking and Defending Kubernetes Clusters: We'll Do It LIVE!!! - Fabian Kammel & James Cleverley

2023-04-21

Authors:   James Cleverley-Prance, Fabian Kammel


Summary

The presentation discusses the importance of threat modeling and demonstrates common attacks and defensive techniques against Kubernetes clusters and workloads.
  • Threat modeling is important to identify and address security risks in a system before it goes into production.
  • The Microsoft threat matrix for Kubernetes is a useful resource for identifying tactics and entry points an attacker could use and the mitigations to prevent them.
  • The presentation demonstrates six exploit scenarios, including leveraging a compromised container, exploiting RBAC misconfigurations, and hijacking the entire cluster.
  • For each scenario, the impact of the attack is discussed, and controls and mitigation strategies are presented.
  • The presentation concludes with a summary of the lessons learned.
The presenters demonstrate how an attacker can easily gain initial access to a Kubernetes cluster by exploiting a misconfigured JupyterHub deployment with default credentials. They emphasize the importance of restricting traffic via network segmentation and using strong authentication to prevent such attacks.

Abstract

Ever wondered about the security of your own Kubernetes cluster, but new to Kubernetes security and not sure where to start? In this talk Fabian and James will, via a series of live demos, demonstrate both common attacks and offensive techniques against Kubernetes clusters and workloads, and the runtime controls to protect against them. Scenarios include:
  • Leveraging a compromised Container to attack the underlying node, pivot across the network, or abuse accessible secrets and tokens.
  • A Malicious Insider exploiting common RBAC misconfigurations.
  • Using a single node to hijack the entire cluster.
Each attack will be contextualised via mapping to the threat model resources available to the community today, such as the MITRE ATT&CK® Containers Matrix and CNCF Financial Services User Group attack trees. Fabian and James will explain how to use these resources, and the demonstrated attacks and controls to threat model, security test and defend your own Kubernetes Clusters.
