Friday, December 8 • 11:10am - 11:45am
Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A] - Greg Castle & CJ Cullen, Google

Kubernetes has a growing array of security controls available, but knowing where they all fit in, what the highest priorities are, and how it all helps against real attacks is still far from obvious. In this talk we’ll take a vulnerable application, exploit it, install tools, escalate privileges, propagate between containers and gain control of the cluster. At each stage of the attack we’ll demonstrate how proactive steps could have prevented these actions (or at least made them more difficult), from the container build process to writing RBAC/PodSecurity/AppArmor/Network policies, and more. Since configuration of each defence could be the subject of its own deep-dive talk, we’ll mainly focus on the big picture of “what” technologies you’d use to configure your cluster securely and “why”.

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google. Prior to GKE, Greg worked on the Google incident response team developing open-source investigation tools, and on OS X platform hardening. His pre-Google job roles have included pentester...

CJ Cullen

Software Engineer, Google
CJ works on the Google Container Engine (GKE) Security team. CJ has helped develop the Kubernetes authentication and authorization system, as well as building the cluster deployment and management infrastructure of Google Container Engine.

Friday December 8, 2017 11:10am - 11:45am
Meeting Room 12AB, Level 4