GeeCON 2023: Patrycja Wegrzynowicz - The Hacker’s Guide to Kubernetes
Kubernetes is the most popular container orchestration platform for automated deployment, scaling, and management of containerized applications. With more and more applications moving to Kubernetes, it is crucial to understand Kubernetes security risks. This talk guides you through various security hazards of Kubernetes, focusing on the OWASP Kubernetes Top 10 list. In live demos, you will find out how to exploit a range of vulnerabilities or misconfigurations in your k8s clusters, attacking containers, pods, network, or k8s components, leading to an eventual compromise of user accounts in an example web application. You will learn about common mistakes and vulnerabilities along with the best practices for hardening your Kubernetes systems.