Friday, December 8 • 11:10am - 11:45am
Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A] - Greg Castle & CJ Cullen, Google

Kubernetes has a growing array of security controls available, but knowing where they all fit in, what the highest priorities are, and how it all helps against real attacks is still far from obvious. In this talk we’ll take a vulnerable application, exploit it, install tools, escalate privileges, propagate between containers and gain control of the cluster. At each stage of the attack we’ll demonstrate how proactive steps could have prevented these actions (or at least made them more difficult), from the container build process to writing RBAC/PodSecurity/AppArmor/Network policies, and more. Since configuration of each defence could be the subject of its own deep-dive talk, we’ll mainly focus on the big picture of “what” technologies you’d use to configure your cluster securely and “why”.

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google, and is a regular at SIG-Auth. Greg has 15 years of experience in a number of security roles including product security, penetration testing, incident response, platform hardening...

CJ Cullen

Software Engineer, Google
CJ works on the Google Kubernetes Engine (GKE) Security team. CJ has helped develop the Kubernetes authentication and authorization system, as well as building the cluster deployment and management infrastructure of Google Kubernetes Engine.

Friday December 8, 2017 11:10am - 11:45am
Meeting Room 12AB, Level 4