Authors: Mauricio Salatino, Adrian Cole
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of WebAssembly in Dapr, a distributed application platform, and how it can be used to change the logic inside the deployed cells. The presentation also introduces the HTTP middleware component and the Wasm runtime that is embedded into the Dapr sidecar to run the filter.
  • WebAssembly can be used to run third-party code inside the same process without launching another process
  • Dapr started exploring the use of WebAssembly in 2019
  • The zero-dependency WebAssembly runtime for Go was used to embed a WebAssembly virtual machine into a Go process
  • The HTTP middleware component was introduced to allow users to change requests or responses
  • The Wasm runtime is embedded into the Dapr sidecar to run the filter

Authors: Shay Berkovich, Barak Sharoni
2023-04-20

tldr - powered by Generative AI

The presentation discusses the exploitation of a feature on the scope called custom plugin monitor, which extends the core functionality of the node problem detector (NPD) and allows for a chain of attack that can lead to persistence. The talk highlights the need for a multi-level approach to cluster security and the importance of understanding the components in worker nodes.
  • The custom plugin monitor feature on the scope can be exploited to write a script into the circle folder node problem detector, which can lead to persistence.
  • Misconfigurations and file writing abilities of the Pod can be exploited to execute scripts as root and establish persistence.
  • Kubernetes security controls do not take into account middleware components, and permission and CSP-based methods may need to be rethought.
  • A multi-level approach to cluster security is necessary, including understanding the impact of misconfigurations, log-based detection, agent-based detection, and sensor-based detection.
  • It is important to understand the components in worker nodes to ensure cluster security.