We are speaking at the KubeSec Enterprise Online North America - 2021 Conference

Announcement post for our talk at the conference where we will talk about how attackers gain access and what they can do once they are "Attackers in a Pod".

Riyaz Walikar
September 7, 2021

KubeSec Enterprise Online North America - 2021 Conference

KubeSec is an industry event hosted by Aqua and their partners that focuses on security in cloud native environments, addressing the demanding security and compliance requirements when deploying Kubernetes in production.

The talks are spaced out over multiple weeks and feature industry leaders and speakers from the following organizations:

Speaker list companies

My talk, titled "Who else is in your Pod?", is scheduled for March 18th 2021 at 12 PM EDT (9:30 PM IST).

Who else is in your Pod?

The idea behind my talk came out of an internal discussion we had, posing the question: "What would an attacker see inside a cluster if they gained access to a Pod from the Internet?" Additionally, how would the attacker get there?

With over a decade of experience in offensive security across web, mobile, cloud and network security, coming up with a scenario that would give us access to a Pod from the Internet was the easiest bit. Visualizing and identifying what an attacker can do, and how they could traverse the cluster given the complexity of a cluster environment with multiple moving parts, was the learning part.

In the talk I will explore how attackers gain access to Kubernetes clusters, how they discover weaknesses that can be exploited to gain access to cluster resources, and how they then gain additional visibility within the cluster using their "Attacker in a Pod" status. We will look at the tactics and techniques that an attacker would use to evaluate and attack a Kubernetes environment and map their progress with the Kubernetes MITRE ATT&CK Framework created by Microsoft (https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/).

The talk will have real-world examples taken from public hacks and examples from our Kubernetes pentest engagements.

Who are the other speakers?

The conference will go on till March 25th 2021, as new speakers will be doing talks every week or so. For the full list of talks, take a look at https://kubesec.aquasec.com/enterprise_online_na_2021

How do I register?

Fill in the form at https://kubesec.aquasec.com/enterprise_online_na_2021#register and you are good to go!

Cheers!

ABOUT THE AUTHOR

Riyaz Walikar

Riyaz is a security evangelist, offensive security expert and researcher with over a decade of experience in the cyber security industry. His passion to break into some of the most well defended networks and systems in his career spanning 15 years has earned him a lot of respect within the security industry. He has led Security Assessment and Penetration Testing teams at PricewaterhouseCoopers (PwC) and Appsecco, and the Product Security Team at Citrix before co-founding Kloudle. Riyaz now specializes in cloud native, container and cloud security in general, helping build an easy to use security management platform to help companies enhance their visibility in the cloud, identify security misconfigurations and automate remediation for security gaps, enabling compliance and operational security in multi-cloud environments. He is also an avid speaker and trainer and presents his research and findings at security conferences and community meetups around the world including BlackHat USA, BH Europe, BH Asia, nullcon and OWASP AppsecUSA.

Specialties: Cloud (AWS, GCP, Azure, IBM, Others) Security, Cloud-Native Security, Kubernetes, Container Security, Web Application Security, Network and System Penetration Testing, Wireless Network Security, Malware Analysis and Reverse Engineering, Threat Modelling, Windows Forensics, Security Code Review, Vulnerability Research, Exploit Development and Reverse Engineering.

Certifications: CKA, CKAD, OSCP
