We are speaking at the KubeSec Enterprise Online North America - 2021 Conference

Posted by
Riyaz Walikar
on
February 17, 2021
· 1 min read

KubeSec Enterprise Online North America - 2021 Conference

KubeSec is an industry event hosted by Aqua and their partners that focuses on security in cloud native environments, addressing the demanding security and compliance requirements when deploying Kubernetes in production.

The talks are spaced out over multiple weeks and has industry leaders and speakers from the following organizations

Speaker list companies

My talk titled - "Who else is in your Pod?" is scheduled for March 18th 2021 12 PM EDT (9:30 PM IST)

Who else is in your Pod?

The idea behind my talk came out of an internal discussion we had posing the question - "What would an attacker see inside a cluster if they gained access to a Pod from the Internet"? Additionally, how would the attacker get there?

With over a decade of experience in offensive security in web, mobile, cloud and network security, coming up with a scenario that will give us access to a Pod from the Internet was the easiest bit. Visualizing and identifying what an attacker can do and how they could traverse the cluster given the complexity of a cluster environment with multiple moving parts, was the learning part.

In the talk I will explore how attackers gain access to kubernetes clusters, how do they discover weaknesses that can be exploited to gain access to cluster resources and then move to gaining additional visibility within the cluster using their "Attacker in a Pod" status. We will look at the tactics and techniques that an attacker would use to evaluate and attack a Kubernetes environment and map their progress with the Kubernetes MITRE ATT&CK Framework created by Microsoft (https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/).

The talk will have real world examples taken from public hacks and examples from our Kubernetes pentest engagements.

Who are the other speakers

The conference will go on till March 25th 2021 as new speakers will be doing talks every week or so. For the full list of talks take a look at https://kubesec.aquasec.com/enterprise_online_na_2021

How do I register?

Fill the form at https://kubesec.aquasec.com/enterprise_online_na_2021#register and you are good to go!

Cheers!

More Articles

IAM Bad: Privilege Escalation using Misconfigured Policies in AWS IAM (Webinar)
Posted by
Riyaz Walikar
on
May 6, 2021

A walkthrough of the slides covered as part of our Star Wars Day special webinar on IAM policy misconfigurations that can lead to privilege escalations and a takeover of the target AWS account.

Read More
DeveloperWeek Europe 2021 - Walkthrough of the Talk slides and Audience Questions
Posted by
Riyaz Walikar
on
April 29, 2021

A walkthrough of the slides covered as part of the DeveloperWeek Europe 2021 virtual conference, attack details and answers to questions that were asked during the talk.

Read More
Who else is in your pod? - Walkthrough of the KubeSec Enterprise Online Talk
Posted by
Riyaz Walikar
on
April 8, 2021

A walkthrough of the slides covered during the KubeSec Enterprise Online 2021 talk with details of the attacks covered and tips and tricks to harden your Kubernetes cluster.

Read More

Ready to give Kloudle a try?

We help you monitor and prevent any data breaches.

Let's Talk