Authors: Jed Salazar, Tunde Olu-Isa
2021-10-14

tldr - powered by Generative AI

The presentation discusses container security in Kubernetes and how to create security policies to protect the cluster and its users.
  • Introduction to the riskiest privileges that Pods can request
  • Explanation of what enabling privileged means
  • Importance of creating security policies to protect the cluster and its users
  • Anecdote about a container named Paulie hitchhiking on a node named Gnome

Authors: Brad Geesaman, Ian Coldwater, Duffie Cooley, Rory McCune
2021-10-13

When the hacker crew of geese collectively known as “SIG-Honk” read about a new CVE in the Kubernetes ecosystem affecting the runc project (CVE-2021-30465), they flew into action. With just a few details in the initial advisory notes as guidance, they were able to collaborate and generate a proof-of-concept exploit for Kubernetes, iterate and validate it against multiple types of clusters, and kick off a renewed coordinated disclosure process to help keep users safer. Join Ian Coldwater, Brad Geesaman, Rory McCune, and Duffie Cooley as we bring our expertise and experiences to share the details of our methodology, walk through our approach, and demonstrate the exploit and its effectiveness live on stage. Attendees will learn about the process of exploit development and disclosure, find out how to stay informed about vulnerabilities in open source dependencies that may affect the security of their clusters, and walk away with a new perspective on how to honk.