Conference:  Defcon 31
Authors: Alex Tereshkin, Principal System Software Engineer (Offensive Security), NVIDIA; Adam Zabrocki, Distinguished Engineer (Offensive Security), NVIDIA

The Baseboard Management Controller (BMC) is a specialized microcontroller embedded on the motherboard, typically used in servers and other enterprise-level hardware. The security of the BMC is critical to the overall security of the system, as it provides a privileged level of access and control over the hardware components of the system, including the ability to perform firmware updates, and even power the system on and off remotely. When the internal offensive security research team was analyzing a piece of NVIDIA hardware, they detected several remotely exploitable bugs in AMI MegaRAC BMC. Moreover, various elevations of privileges and "change of scope" bugs have been identified, many of which may be chained together, resulting in a highest-severity security issue. During this talk we would like to take you on the journey of the whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash. The chain will be about a dozen bugs long, so buckle up.
Authors: Antonio Ojea Garcia, Surya Seetharaman, Shane Utt

This talk will provide a high level overview of Kubernetes networking and share updates on some of the latest SIG-Network projects. These projects include Admin Network Policy, Topology Aware Routing, Multi Network, and more.
Authors: Lukas Pühringer, Joshua Lock

The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. TUF’s design has been described in many previous talks at KubeCon and elsewhere. This maintainer track session, for the first time, is indeed all about maintaining TUF. The two core project members, Joshua and Lukas, will share their insights into the organization, which consists of a specification, a standardization process, and a steadily growing number of implementations. They will talk about the different needs of the various subprojects, and showcase these efforts by walking through the recent reference implementation rewrite. Finally, they will point out the many avenues that exist for you to contribute to TUF. Because behind TUF stands a welcoming community, which is constantly looking for new people who are excited about a secure software supply chain.
Authors: Alice Wasko, Arko Dasgupta

Come hear about updates on Envoy Gateway, the OSS Envoy ingress controller that the community has been working on!
Authors: Kingdon Barrett, Somtochi Onyekwere

tldr - powered by Generative AI

Improvements made to Flux CD's support for Git and other source control systems
  • Improved support for Git packages, making it easier to contribute
  • Refactored spaghetti code into a more organized structure
  • Improved support for Azure DevOps and Git, and AWS CodeCommit
  • Improved clone speeds and reduced CPU and memory usage
  • PR out to enable GoGet for Azure DevOps and CodeCommit
  • Formalized RFC process for feature requests
Authors: Yong Tang, John Belamaric

Come to learn about CoreDNS and the latest updates to the project and roadmap. Stay to learn about how to write your own CoreDNS plugin!
Authors: Richard Hartmann

OpenMetrics is now an Incubating project within CNCF. It's also a required part of the Prometheus Conformance Program. What does that mean? What are the updates to be aware of? How can you leverage all of this today?
Authors: Saurabh Nandedkar

In this session, Saurabh will talk about the OWASP OWTF project and the latest updates.