Do you want to see live Kubernetes hacking? Come to see interactive demos where your recently registered accounts in a k8s application are hijacked. This talk guides you through various safety risks of Kubernetes, focusing on Insecure Workload Configuration and deficiency of Centralized Policy Enforcement from the OWASP Kubernetes Top 10 list. In live demos, you will find out how to exploit a scope of misconfigurations in your k8s clusters, attacking pods and containers via privilege escalation, leading to an eventual compromise of user accounts in an exemplary web application.
GeeCON 2024: P. Węgrzynowicz - Przewodnik hakera po niezabezpieczonej konfiguracji obciążeń w Kubernetes
Do you want to see live Kubernetes hacking? Come to see interactive demos where your recently registered accounts in a k8s application are hijacked. This talk guides you through various safety risks of Kubernetes, focusing on Insecure Workload Configuration and deficiency of Centralized Policy Enforcement from the OWASP Kubernetes Top 10 list. In live demos, you will find out how to exploit a scope of misconfigurations in your k8s clusters, attacking pods and containers via privilege escalation, leading to an eventual compromise of user accounts in an exemplary web application.
