December 6-8, 2017 - Austin, Texas

Talk Difficulty - Sessions are categorized as [B]eginner, [I]ntermediate or [A]dvanced at the end of each talk title. No letter indicates an “Any” level.
Friday, December 8 • 11:10am - 11:45am
Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A] - Greg Castle & CJ Cullen, Google


Kubernetes has a growing array of security controls available, but knowing where they all fit in, what the highest priorities are, and how it all helps against real attacks is still far from obvious. In this talk we’ll take a vulnerable application, exploit it, install tools, escalate privileges, propagate between containers and gain control of the cluster. At each stage of the attack we’ll demonstrate how proactive steps could have prevented these actions (or at least made them more difficult), from the container build process to writing RBAC/PodSecurity/AppArmor/Network policies, and more. Since configuration of each defence could be the subject of its own deep-dive talk, we’ll mainly focus on the big picture of “what” technologies you’d use to configure your cluster securely and “why”.


Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Container Engine (GKE) security team at Google. Prior to GKE, Greg worked on the Google incident response team developing open-source investigation tools, and on OS X platform hardening. His pre-Google job roles have included p...

CJ Cullen

Software Engineer, Google
CJ works on the Google Container Engine (GKE) Security team. CJ has helped develop the Kubernetes authentication and authorization system, as well as building the cluster deployment and management infrastructure of Google Container Engine.

Friday December 8, 2017 11:10am - 11:45am
Meeting Room 12AB, Level 4
