We are speaking at the KubeSec Enterprise Online North America - 2021 Conference
Events

We are speaking at the KubeSec Enterprise Online North America - 2021 Conference

Announcement post for our talk at the conference where we will talk about how attackers gain access and what they can do once they are "Attackers in a Pod".

Riyaz Walikar
September 7, 2021

KubeSec Enterprise Online North America - 2021 Conference

KubeSec is an industry event hosted by Aqua and their partners that focuses on security in cloud native environments, addressing the demanding security and compliance requirements when deploying Kubernetes in production.

The talks are spaced out over multiple weeks and has industry leaders and speakers from the following organizations

Speaker list companies

My talk titled - "Who else is in your Pod?" is scheduled for March 18th 2021 12 PM EDT (9:30 PM IST)

Who else is in your Pod?

The idea behind my talk came out of an internal discussion we had posing the question - "What would an attacker see inside a cluster if they gained access to a Pod from the Internet"? Additionally, how would the attacker get there?

With over a decade of experience in offensive security in web, mobile, cloud and network security, coming up with a scenario that will give us access to a Pod from the Internet was the easiest bit. Visualizing and identifying what an attacker can do and how they could traverse the cluster given the complexity of a cluster environment with multiple moving parts, was the learning part.

In the talk I will explore how attackers gain access to kubernetes clusters, how do they discover weaknesses that can be exploited to gain access to cluster resources and then move to gaining additional visibility within the cluster using their "Attacker in a Pod" status. We will look at the tactics and techniques that an attacker would use to evaluate and attack a Kubernetes environment and map their progress with the Kubernetes MITRE ATT&CK Framework created by Microsoft (https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/).

The talk will have real world examples taken from public hacks and examples from our Kubernetes pentest engagements.

Who are the other speakers

The conference will go on till March 25th 2021 as new speakers will be doing talks every week or so. For the full list of talks take a look at https://kubesec.aquasec.com/enterprise_online_na_2021

How do I register?

Fill the form at https://kubesec.aquasec.com/enterprise_online_na_2021#register and you are good to go!

Cheers!

ABOUT THE AUTHOR
Riyaz Walikar

Enjoyed this read?

Subscribe to our newsletter and stay ahead with more great insights and resources on cloud security!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.